We currently don't have any documentation explaining what happens when customers need to reduce the user tier allowed by a new license and they have more users in the instance than the new license will allow. There should be one FAQ for Fisheye and another one for Crucible containing the following.

Here are some questions from a customer, and our answers in red, that could be added to this new documentation:

Question 1:

We are going to reduce the license for Fisheye & Crucible from unlimited to a fix # of licenses. Say if we have only 50 user licenses for Fisheye and Crucible, but the Active Directory security group has 100 users, how is Fisheye/Crucible going to behave? Will it stop the 51st user to log in?

All users will still be able to login, but:
* Regular users won't be able to use the instance at all, as this screen will be presented whenever they try to browse repositories or work on reviews:

Administrator users will still be able to reach the administration panel though, in order to fix whatever needs fixing, by accessing http://<site-url>/admin/admin.do directly in the web browser and typing the Administration Page Password which can be reset if they don't happen to remember it.

Question 2:

Is this license by name or unnamed license and just based on the pool?

All you need to do is make sure that the number of users being synced from Crowd does not exceed the number of users allowed by the FishEye/Crucible licenses. Following your example, you cannot sync more than 50 users into FishEye/Crucible.
This usually means doing the following:
* Making sure that the Crowd groups being synced into FishEye / Crucible have up to 50 users associated to them.
* That the Global permissions are configured correctly for these Crowd groups.

Question 3:

So all can log in, but who takes the priority? If there are 51 users in the AD group, and only 5 people log in, can this 51st user log in and do the work because the other 45 are not in?

It's not the number of users currently logged in that is taken in consideration. When we took that screenshot attached in my previous comment, only one user was logged into the instance.
In your example, all 100 users will still be able to login regardless of how many are logged in at the moment, but they won't be able to do anything else.
What is taken in consideration is the number of users granted access to Fisheye and / or to Crucible in Global permissions.

Question 4:

So in order words, the first 50 users who granted the login, will be in. Then no matter if these 50 users log in or not, the 51 user can’t do anything in Fisheye/Crucible, until 1 user removed from the group?

Exactly, but there are two addendums: only the 50 users granted access will be allowed to login. Any other user not granted access will not be able to login, no matter how many users are logged into the instance at that moment, until one of the 50 users allowed is removed from the group and the user not yet granted access is added to the group and the Crowd directory configured in FishEye /Crucible is resynced.