How to Exclude Active Directory Default Domain Groups from Confluence


アトラシアン コミュニティをご利用ください。



When using Microsoft Active Directory, you may wish to filter out the default groups - such as Domain Admins, and Cert Publishers. These are default groups in Active Directory, and depending on your requirements, it may difficult or impossible to write a filter that excludes them all. Instead, you can filter objects by ignoring any that have the isCriticalSystemObject property set on them.

This also applies to any product where you can specify an LDAP filter - in this particular example, we're using Confluence.


You should perform these tests in a test environment first - that way, you don't accidentally lock your users out of Confluence

  • Log into Confluence as an Administrator from the local directory (this is so you can make changes to the Active Directory
  • In Confluence Administration, click "User Directories"

  • Next to your Active Directory, click "Edit"

  • Click "Group Schema Settings" to expand those settings

  • The default Group Filter is:

  • Change it to the following:


    (info) You may need to adjust this filter further, depending on your particular configuration and goals.

  • This will match any object that is a group, and does not have the isCriticalSystemObject property set to true.
  • Save the changes, and perform a sync - the groups should no longer be present in the Groups screen of Confluence
最終更新日: 2016 年 2 月 26 日


Powered by Confluence and Scroll Viewport.