Change LDAP string to use a specific Domain Controller server

  • 15 February 2022
  • 0 replies

Userlevel 4
Badge +16


Change LDAP string to use a specific Domain Controller server

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.


This KB describes how to force the K2 server to use a specific Domain Controller

Before You Begin


You will have to modify the LDAP string to use the Domain Controller you want to use, as described in this article:

You can also make sure the K2 Server is able to reach the Domain Controller using the "nltest" command, as per this article:


Build the string as follows:


 Where is the domain controller, that needs to be used.

Note that if this domain controller becomes unavailable, K2 functionality will be impacted. Especially in older versions, K2 might not work at all.

How-to Steps

Go to K2 Management then browse to your Users > K2 > Domains where you should see all your registered domains with their respective LDAP:// or GC:// strings.

Edit the LDAP:// or GC:// strings there to only use one Domain Controller as per the above.

If there is only one domain registered then this LDAP string can not be edited, therefore you will have to make changes directly in the K2 database. Please log a support ticket to get help with modifying the XML in the RoleInit column for the "K2" Security Label in the [HostServer].[SecurityLabel] table.

Please restart your K2 Service for the changes to take effect.

0 replies

Be the first to reply!