Skip to main content
I have an application that I am debugging and having a difficult time due to my somewhat limited knowledge of Active Directory and how it works.

Here's our situation. We have two domains that we need to use within K2. For now, we'll call them Maindomain and Newdomain.
a. Maindomain is the domain that K2 is running under.
b. Newdomain is a domain from a newly acquired company that we are trying to integrate with.

The application takes a username (mmarble) and does a lookup into AD to pull back the email address. This was to be the element that would be used for AD resolution and authentication. I am not sure why or if there would be a better method because this was developed by an outside consultant and now we're trying to make it work.

The form does a lookup in AD based on a user-id and when it's submitted, it generates an XML document to pass the variables along. All of the username fields are username@maindomain.com or username@newdomain.com and I can see it is pulling the correct emails in the data that's submitted.

The problem is, when it tries to take that email address to resolve a Destination, it doesn't work. This is what is output in the AdumError.txt file:

This is for a user on Maindomain

26-10-06 04:02:49 GetUser
The specified user does not exist Resolving User:Maindomainmmarble@MaindomainName.com
at Secur32DLL.Translate.NameToDN(String Name)
at ADUM.K2UserManager.GetUser(String Name)
Additional Information
GetUser(Maindomainmmarble@MaindomainName.com)


When I submit a request for a different user on the other domain (Newdomain), this is what it looks like. Notice that it's still using the "Maindomain" address.

26-10-06 04:05:14 GetUser
The specified user does not exist Resolving User:MaindomainMMarble@NewdomainName.com
at Secur32DLL.Translate.NameToDN(String Name)
at ADUM.K2UserManager.GetUser(String Name)
Additional Information
GetUser(MaindomainMMarble@NewdomainName.com)

I have no idea if this will make sense to anyone or not, as my AD knowledge and general knowledge of this level of user authentication is pretty limited.

Thanks for any help you might be able to offer.
I think there are two problems here:

1. K2 does not resolve/assign task based upon email address. It will need a fully qualified AD name (DomainUsername) in order to resolve correctly.

2. K2 needs to be aware of the additional domain. This can be configured in the K2 Server and K2 Studio config files. More details on this can be found in the below postings:

- http://forum.k2workflow.com/viewtopic.php?t=118
- http://forum.k2workflow.com/viewtopic.php?t=117

This assumes, of course, that the proper trusts exist between the domains in order for the Service account that is running K2 Server has the ability to query across domains.

Reply