https://answers.atlassian.com/questions/59972/ignoring-disabled-users-in-ldap-active-directory
Q:
Our Jira and LDAP Active Directory (Microsoft) are integrated.
As a company policy, we never delete users from our AD, but disable them.
However, in Jira I see all users (both enabled and disabled).
How do I configure my Jira to ignore disabled users?
Thanks.
A:
You could perhaps filter by the LDAP attribute userAccountControl…
Based on Microsoft Support’s explanation:
The attribute that holds this information is the userAccountControl attribute. This attribute is composed of a combination of different flags. The flag for setting the object that you want to disable is UF_ACCOUNTDISABLE, which has a value of 0x02 (2 decimal). The bitwise comparison filter that specifies userAccountControl with the UF_ACCOUNTDISABLED bit set would resemble this:
1 | (!(UserAccountControl:1.2.840.113556.1.4.803:=2)) |
…would be all accounts that are not disabled.
So, in JIRA Admin | Users | User Directories
Select your AD configuration then expand the User Schema Settings heading
In the User Object Filter field, paste something like…
1 | (&(objectCategory=Person)(sAMAccountName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) |
This is the default filter for AD with the additional filter added.
Or the selected field here:
