An AD Service the offers the following features: • CreateUser • UpdateUser • ReadUser • GetUsers • Move User OU • Add User To Groups • Remove User from Groups • Search User by SubString • Search Groups By SubString This is release one of the service which as per the ‘Project Overview’ provides the ability to have more advanced Active Directory integration focused around Active Directory Users. In the Zip file for the project is the document
Last version: "ActiveDirectoryDynamicSO 188.8.131.52.zip" generated the 3 June 2022.
We have added a couple of our custom AD fields to this SmartObject and am returning a list of all employees. The query is returning exactly 1000 records and we are expecting around 1300 back. I know there is a paging parameter when querying from AD that defaults to 1000 records. Is there an easy workaround in order to return all records?
After digging into the code a little bit. Active Directory will put a limit of 1000 records on a search that does not have the PageSize declared. I added this line of code to: ADHelper.cs in the ActiveDirectoryDynamicSO project The Code I added:
public Exception getUsers(ref ServiceObject so)
Exception exc = null;
//Need to decide if will allow user to pass domain in as a parameter?
string conString = getLDAPPath("");
//DirectoryEntry dirEntry = new DirectoryEntry(conString);
DirectoryEntry dirEntry = getDirectoryEntry(conString);
DirectorySearcher dSearcher = new DirectorySearcher(dirEntry);
//Set the filter for the search
dSearcher.Filter = getADUserLookUpString(ref so);
int limit = 2000;
if (so.Properties["MaxSearchResultSize"].Value != null)
if (so.Properties["MaxSearchResultSize"].Value.ToString() != "*")
int.TryParse(so.Properties["MaxSearchResultSize"].Value.ToString(), out limit);
Method meth = so.Methods;
dSearcher.PageSize = 1200;
dSearcher.SizeLimit = limit;
System.DirectoryServices.SearchResultCollection sResults = dSearcher.FindAll();
foreach (SearchResult sResult in sResults)
addReturnPropFromDirObject(ref dirEntry, ref so,sResult);
catch (Exception ex)
exc = ex;
Recompile, move K2.PSUK.ActiveDirectoryDynamicSO.dll to the ServiceBroker directory on the K2 server, refresh Service Object, Refresh Service Instance, and rerun the SmartObject. This did the trick!
Is it possible to configure multiple domains, as in the Active Directory service instance?
We're trying to do this, but it's not working, it gives an error:
"The format of the specified domain name is invalid"
We tried to configure the domains delimited with commas, and with semi-collon.
In the documentation under the section "Modifying the Service Schema" it says to "Load the Schema from your K2 Server (C:Program FilesK2 blackpearlServiceBrokerSchemaObject.xml)"
It appears in fact that the service instance looks for this file under C:Program FilesK2 blackpearlHost ServerBin
When I went to create the service instance I got an error message saying it could not locate the SchemaObject.xml file in this directory
After carefully followed the instructions from the document provided as part of the downloaded zipped.
From SmartObjects - Services - Test tool, as a test I tried to execute "GetUsers" and "ReadUser" but received an error message as:
"Index was out of rang. Must be non-negative and less than the size of the collection.
Parameter name: index
Service Guid: [guid info]
has anyone experienced this error or could you please kindly provide some advices how I can resolve this error.
We are experiencing an issue where a people picker control using the GetUser method isn't resolving a user when their account name is entered. The same user will be sucessfully returned if using the smartobject tester or a smartform where a button click calls the smartobject method using an input control as the account name input.
I reviewed the smartobject logging output of the call being made by the people picker vs the smartform example above and noticed that the former uses a contains operator while the latter uses direct equality.
I tried to mimic this in the tester using filters on AD properties which I know would include my example user account in the results, but it again wasn't returmed.
Some research showed that it wasn't returning users added to AD after a certain time.
The built-in AD User 2 object does return this user.
Is this associated with the limit mentioned in an earlier post?
BTW - I tried to open the solution file to have a poke around and it complained about not being able to check out a file from source control; not sure what thast is about.
Any help would be appreciated.
Share your ideas and thoughts to me please, I have following condition:
Source code changes:
1. GetUsers method - increased size limit
2. Modified SchemaObject.xml - Added input and output attributes (including standard, custom)
1. ServiceType registered
2. ServiceInstance created
3. SmartObjects generated
4. When execute SmartObject method from SmartObjects - Services - Tester.exe
Error thrown with: The user name or password is incorrect.
We have normally running K2 environment, standard AD Service2 is working fine.
Methods from 1-4 all executed through the main service account configured for K2 environment.
Main service account can query normally from the ActiveDirectory using Powershell script.
Thanks in advance.
ADSO uses LDAP call to retrieve data from AD or does it use a database that has the information synced with AD.
Was there ever a resolution to the port from Andrew Blinco above?
We are encountering a similar issue with the installation on our validation/test environment. We have installed the Dynamic ADSO the same way on our development environment with out any issues and files are installed in the smae locations/directory paths on both environments.
I try using the Create User function and added the Common Name field to the schema.
It throws the invalid dn error and does not let me to specify the Common Name cn field so record will appear with its sAMAccountName in AD.
Is it possible to set the cn to FirstName_Surname eg John Smith rather than default it to sAMAccountName (john.smith) please?
this is a really useful service. I did however encounter performance issues when running the GetUsers method when returning 600+ users. It was taking over 60 seconds whereas the ADUser2 service was taking under 1 second to return the same number of users.
to resolve this problem i added a new function to the code to set the Searcher.PropertiesToLoad property to only the items being returned. this reduced the time from over 60 seconds to sub 1 second.
dSearcher.Filter = getADUserLookUpString(ref so);
where getReturnPropsFromServiceObject is:
private string getReturnPropsFromServiceObject(ref ServiceObject so)
List<string> returnProps = new List<string>();
Method meth = so.Methods;
for (int c = 0; c < meth.ReturnProperties.Count; c += 1)
Property prop = so.Properties[meth.ReturnProperties
if (prop.Name.IndexOf("UAC_") != -1)
if (returnProps.IndexOf("userAccountControl") == -1)
if (prop.Name.IndexOf("OrganisationalUnit") != -1)
we have a problem where if we look for multiple people via a property
for people that have blank properties, they are getting populated from the person above them
for example - the property securityLicence is used by 3 people, yet when searching for users with the result we are getting others populated
It seems that the download link has been eaten by the community relaunch. Could you please check it?
does this service work on K2 FIVE ?
I get this error when i want to register the service type from the smartobject tester ++:
we are using the Dynamic ADSO service object.
i have modified the config to look at extra AD attributes.
i am running the get users method and applying a filter to look for specfic field that is not blank
the query takes ~40 odd seconds to run.
how can i increase the time for this to run?
in a programming world with powershell, i would scope the search to a certain OU. is that possible, or can someone suggest the best method to peform AD query to look for a custom attribute and filter for ones with values
In case of the "The user name or password is incorrect" try to change service instance to use Impersonation instead of Service Account. It helped in my case.
Can you confirm if it is possible when using the feature Move OU that it is possible to move an Object to a Sub OU?
I,e Move a user from Users,IT Users TO Users, Admin Users
if we have load balancer setup, do we have to add this in both server?