Symptoms
When I look at a user that was created via K2 SmartObject (top one below) versus an existing user (bottom user below) that was not, their distinguished names look like this:
CN=K2 Test23,CN=Users,DC=ad,DC=domain,DC=org
CN=John Doe,OU=OT,DC=ad,DC=domain,DC=org
I had thought that I'd be able to set the organizational unit. But when I try to set the organizational unit to OT (like the bottom user), I get this message:
Message: User could not be created. An Active Directory error has occurred. Details: LDAP Message LDAP_INVALID_DN_SYNTAX Description Distinguished name has syntax that is not valid. ServiceName: Account Management Service ServiceGuid: cd3804d6-973d-4de4-bf78-8427f6761011 InnerExceptionMessage:
Diagnoses
We confirmed that we are seeing this error when executing the Create method on an AD User SmartObject while in a workflow. We experimented with different ways to format the organizational unit. Based on the error shown, we are not providing valid syntax for a property, and LDAP will not allow this.
Resolution
Entering the value as "OU=..." instead of just the name of the organizational unit allowed us to create the user, and the OU now shows up in the distinguished name of a user created via a SmartObject. When creating a user this way, make sure the value entered for the Organizational Unit property is similar to the format "OU=Users" rather than just "Users". With that format, the error no longer appears when executing the SmartObject.
A feature request has been created to eliminate the need to add OU= in the SmartObject's Organizational Unit property during the Create method. For now, we recommend using the AD Event Wizard that is available in the workflow designer, which automatically populates the OU value properly.
http://help.k2.com/onlinehelp/K2blackpearl/UserGuide/current/webframe.html_AD_Wizard_-_Create_User_-_Details.html
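A pre-check for the Organizational Unit value described in the Resolution, as an added example that is not K2 code: it turns a bare name into the "OU=..." form, escapes LDAP special characters per RFC 4514, and rejects a value that would add extra DN components. The function names and the DN layout (CN, then the OU, then the domain) are assumptions inferred from the distinguished names shown under Symptoms.

```python
import re

# Characters RFC 4514 requires escaping anywhere in an attribute value.
_SPECIAL = set('"+,;<>\\')
# A valid escape: backslash plus a special character, or plus two hex digits.
_ESC = r'\\(?:[ #"+,;<>=\\]|[0-9a-f]{2})'
# Exactly one OU component, with no unescaped leading or trailing space.
_SINGLE_OU = re.compile(
    rf'^OU=(?![ #])(?:[^"+,;<>\\\x00]|{_ESC})*(?:[^ "+,;<>\\\x00]|{_ESC})$',
    re.IGNORECASE,
)

def escape_rdn_value(value: str) -> str:
    """Escape a raw name for use as an RDN value (RFC 4514, section 2.4)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def normalize_ou(value: str) -> str:
    """Return the value in the "OU=<name>" form the Resolution describes."""
    if not value or not value.strip():
        raise ValueError("organizational unit is empty")
    if value.upper().startswith("OU="):
        # Already prefixed: accept only one well-formed component, so a value
        # such as "OU=OT,DC=other" cannot add extra DN components.
        if not _SINGLE_OU.match(value):
            raise ValueError(f"not a single well-formed OU component: {value!r}")
        return value
    # Bare name such as "OT": escape it, then add the prefix.
    return "OU=" + escape_rdn_value(value.strip())

def build_dn(common_name: str, ou_value: str, base_dn: str) -> str:
    """Compose a user DN (assumed layout: CN, then the OU, then the domain)."""
    return f"CN={escape_rdn_value(common_name)},{normalize_ou(ou_value)},{base_dn}"

if __name__ == "__main__":
    # Constructed inputs; the domain components are the ones shown on the page.
    base = "DC=ad,DC=domain,DC=org"
    for raw in ("OT", "OU=OT", "Sales, EMEA"):
        print(f"{raw!r:16} -> {build_dn('John Doe', raw, base)}")
```

Running the check before the value reaches the Create method surfaces a malformed OU as a clear validation error instead of LDAP_INVALID_DN_SYNTAX from the directory.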