Convert AD-Managed User Accounts

If your organization recently moved from a local Active Directory server to JumpCloud using the Active Directory Integration (ADI) and you want to decommission your AD Integration, you need to release your users from being externally managed in order for JumpCloud to become the sole identity manager for your users. To release users from external management, you'll change the externally_managed parameter to False using JumpCloud's PowerShell Module. 

Prerequisites:

• Use the AD Import or AD Sync agent to import or create users in JumpCloud from Active Directory.
• Install the PowerShell Module (Watch a PowerShell Module Video Tutorial)

Step 1: Release a user, group of users, or all users from external management

To release a user from external management using the JumpCloud PowerShell Module

1. Open a PowerShell window and launch the JumpCloud PowerShell Module.
2. Run the following command, replacing jack.colby with the appropriate JumpCloud user: 

To release a group of users from external management

Run the following command, replacing Dev with the appropriate JumpCloud group: 

To release all users in JumpCloud from external management

Step 2: Remove user from the ADI-created user group

1. Log in to the JumpCloud Admin Portal.
2. Navigate to USER MANAGEMENT > User Groups.
3. Select the ADI-created user group and then select the Users tab.
4. Deselect the users you would like to remove from the group.
5. Click save.

Step 3: Remove user from Active Directory security group (Optional)

1. In Microsoft Active Directory, navigate to Management > User Management > Group Attributes.
2. Choose the domain and OU.
3. Select the desired list of users or import a CSV file with the preferred list of users.
4. Select the security group from which the users should be removed, and click Apply.