Convert AD-Managed User Accounts

If your organization recently moved from a local Active Directory server to JumpCloud using the Active Directory Integration (ADI) and you want to decommission your AD Integration, you need to release your users from being externally managed in order for JumpCloud to become the sole identity manager for your users. To release users from external management, you'll change the externally_managed parameter to False using JumpCloud's PowerShell Module. 


If you wish to remove the user(s) from the “JumpCloud” Active Directory Security Group you may do so, but only after completing the following procedure.

Note: The standard name for this Security Group is “JumpCloud”, yours may be different if changed during initial ADI configuration.


Step 1: Release a user, group of users, or all users from external management

To release a user from external management using the JumpCloud PowerShell Module

  1. Open a PowerShell window and launch the JumpCloud PowerShell Module.
  2. Run the following command, replacing jack.colby with the appropriate JumpCloud user: 

Set-JCUser -Username jack.colby -externally_managed $false

To release a group of users from external management

Run the following command, replacing Dev with the appropriate JumpCloud group: 

Get-JCUserGroupMember -GroupName Dev | Set-JCUser -externally_managed $false

To release all users in JumpCloud from external management


This will apply to ALL users in JumpCloud! Do not run this if you need some users to remain AD-managed.

Get-JCUser | Set-JCUser -externally_managed $false

Step 2: Remove user from the ADI-created user group

  1. Log in to the JumpCloud Admin Portal.
  2. Navigate to USER MANAGEMENT > User Groups.
  3. Select the ADI-created user group and then select the Users tab.
  4. Deselect the users you would like to remove from the group.
  5. Click save.

Step 3: Remove user from Active Directory security group (Optional)

  1. In Microsoft Active Directory, navigate to Management > User Management > Group Attributes.
  2. Choose the domain and OU.
  3. Select the desired list of users or import a CSV file with the preferred list of users.
  4. Select the security group from which the users should be removed, and click Apply.
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case