Issue Summary

All details regarding the bug behaviour is captured in https://jira.atlassian.com/browse/CWD-6391 ticket. The bug has been fixed in Crowd 6.0.10. Please note that, this Confluence bug ticket is a placeholder till fixed version of Embedded Crowd is bundled with Confluence.

Steps to Reproduce

1. Setup a Clustered LDAP system
2. Connect the clustered LDAP system as a User Directory in Confluence
3. Synchronize the User Directory in Confluence

Expected Results

The user directory should be able to perform full and incremental synchronizations without any errors

Actual Results

The synchronization fails with the following error captured in the atlassian-confluence-security.log file:

2025-08-11 13:48:03,194 ERROR [Caesium-1-2] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ xxxxxx ].
com.atlassian.crowd.exception.OperationFailedException: No highestCommittedUSN attribute found for AD root
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:759)

Workaround

Change the directory Implementation class and ldap.external.id.

• Before

  Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory
  ldap.external.id: objectGUID
  

• After

  Implementation class: com.atlassian.crowd.directory.GenericLDAP
  ldap.external.id: entryUUID
  

VDS or other proxies for the ldap system do not expose the attribute that the Microsoft AD Connector is trying to fetch. The generic ldap adapter doesn't use the same method and therefore this issue cannot occur. User directory should sync successfully after this change.