Symptoms

GetUser noise issue
 

Diagnoses

We are experiencing an issue with K2 Blackpearl continuously calling for users that do not exist in Active Directory. These users may have existed as some point but have been removed from AD. This constant GetUser is causing a heavy LDAP traffic on our Domain Controllers. This issue logs constant errors in the Server Event logs and also the K2 Host Server logs.

 

Resolution

Regarding the issue with removed/deleted AD users, you could confirm that the removed AD users are not belonging to any group, see sample below.

For example
-Run this query to look up the specific user (removed AD user). If user is removed from AD, during the K2 identity service refresh which is happened every 8 hours, K2 will check AD and set the user's status to disabled, Enabled = 0.
Select * from oK2].2Identity].yIdentity] where Name like 'DenallixBlake%'
-Get this user ID value and search the Identity.IdentityMember table, the query shows the container ID (group) that the user is belonging to.
Select * from oK2].2Identity].yIdentityMember] where MemberID = '1013'
-Below query will look up the groups that the user is a member of.
Select * from oK2].2Identity].yIdentity] where ID in (10, 13, 1012).