
I found this string:  http://community.k2.com/t5/K2-blackpearl/AD-groups-in-k2-roles/td-p/36371 but the issue with AD Groups resolving was never answered.

 

I would surely like to know what the solution to this issue was. We are having issues with picking AD groups as the destination from an InfoPath web-enabled form. Sometimes it works. Sometimes it doesn't, with the error of "an activity must have at least one destination". My developers think it has something to do with the way the AD groups are created in AD (naming, special characters, spaces, etc.). I think it has to do with the way we are implementing the workflow. The smart object we use returns the name of the AD group but the users never make it into K2. There are no users resolved in the audit trail.

 

Also, what is the "Include Collection"?

Hi Jaswerl,

 

To answer your bonus question "What is the Include Collection?", the poster in the linked thread most likely was referring to the small checkbox in the K2 Workspace where you can tell if an Active Directory Group is "included" or not in a role. (See my screenshot)

 

Now onto your main business: From what you are explaining, it would seem the way you configured your destination in your workflow is correct (since it works in some cases, but not in others).

 

My first troubleshooting step if I were in your shoes would be to take a look at the User Manager settings in the K2 workspace to make sure everything is correct.

 

1st thing to check: Do some of those AD groups contain other AD groups (called 'Nested Groups')? If yes, there is a setting that must be checked in the K2 workspace to allow for the appropriate resolution. (See my screenshot for where this setting is located)

 

2nd thing to check: Is the User Manager for your Active Directory domain limited in the number of users/groups it can return? I have had this problem in the past where some users/groups were being returned and were accessible within K2 while others were not. There is a setting that limits the number of users/groups returned by the User Manager (that would include SmartObjects hitting on the User Manager, which is the method you are using right now). By default, a brand new K2 install puts this limit at 100. (See my screenshot for where this setting is located)

 

I hope this helps.

 


[Three screenshots attached to the original post]

Thanks for the tips @psionikangel. I will give these a try. How did you solve the AD limit issue? K2 documentation doesn't recommend setting it above 100 items.


I selected the 'No limit' option. I never encountered problems by choosing this option. (It is noticeably slower when using the Context Browser though). But, your mileage may vary.

 

I guess you have to test and see for yourself if it's the right solution for you.


We looked at the settings in the user manager and tried setting them to other than the default values. We tried a limit number of 1000, then we tried no limit. Certain groups did not resolve to the users. Is there something else we need to do, like restart the K2 service after those changes?

 

Also, I did a little testing today. It does seem to be limited to specific AD groups. We are going to analyze the AD group's attributes to see if there are any differences between the AD groups that work and those that don't.

