If your organization recently moved from a local Active Directory server to JumpCloud using the Active Directory Integration (ADI) and you want to decommission your AD Integration, you need to release your users from being externally managed in order for JumpCloud to become the sole identity manager for your users. To release users from external management, you'll change the externally_managed parameter to False using JumpCloud's PowerShell Module.
If you wish to remove the user(s) from the “JumpCloud” Active Directory Security Group you may do so, but only after completing the following procedure.
Note: The standard name for this Security Group is “JumpCloud”, yours may be different if changed during initial ADI configuration.
- Use the AD Import or AD Sync agent to import or create users in JumpCloud from Active Directory.
- Install the PowerShell Module (Watch a PowerShell Module Video Tutorial)
Step 1: Release a user, group of users, or all users from external management
To release a user from external management using the JumpCloud PowerShell Module
- Open a PowerShell window and launch the JumpCloud PowerShell Module.
- Run the following command, replacing jack.colby with the appropriate JumpCloud user:
Set-JCUser -Username jack.colby -externally_managed $false
To release a group of users from external management
Run the following command, replacing Dev with the appropriate JumpCloud group:
Get-JCUserGroupMember -GroupName Dev | Set-JCUser -externally_managed $false
To release all users in JumpCloud from external management
This will apply to ALL users in JumpCloud! Do not run this if you need some users to remain AD-managed.
Get-JCUser | Set-JCUser -externally_managed $false
Step 2: Remove user from the ADI-created user group
- Log in to the JumpCloud Admin Portal.
- Navigate to USER MANAGEMENT > User Groups.
- Select the ADI-created user group and then select the Users tab.
- Deselect the users you would like to remove from the group.
- Click save.
Step 3: Remove user from Active Directory security group (Optional)
- In Microsoft Active Directory, navigate to Management > User Management > Group Attributes.
- Choose the domain and OU.
- Select the desired list of users or import a CSV file with the preferred list of users.
- Select the security group from which the users should be removed, and click Apply.