Ignoring disabled users in LDAP Active Directory [zt]



Our Jira and LDAP Active Directory (Microsoft) are integrated.

As a company policy, we never delete users from our AD, but disable them.

However, in Jira I see all users (both enabled and disabled).

How do I configure my Jira to ignore disabled users?



You could perhaps filter by the LDAP attribute userAccountControl

Based on Microsoft Support’s explanation:

The attribute that holds this information is the userAccountControl attribute. This attribute is composed of a combination of different flags. The flag for setting the object that you want to disable is UF_ACCOUNTDISABLE, which has a value of 0x02 (2 decimal). The bitwise comparison filter that specifies userAccountControl with the UF_ACCOUNTDISABLED bit set would resemble this:


…would be all accounts that are not disabled.

So, in JIRA Admin | Users | User Directories

Select your AD configuration then expand the User Schema Settings heading

In the User Object Filter field, paste something like…


This is the default filter for AD with the additional filter added.

Or the selected field here:

![Ignoring_disabled_users_in_LDAP_Active Directory](http://photo.liudongkai.com/blog/Ignoring_disabled_users_in_LDAP_Active Directory_1.png)