Using getusersbygroup for all users?

Hi,

I tried testing the AD User SMO on my own environment, but there's no issue with it when I specify the userid.

Instead of using the AD User, have you tried using the UMUser and UMGroup SMO? These SMOs will search on K2 identity cache instead of performing a direct query to your AD. If a user cannot be found in the cache, K2 should attempt a query to your AD, then populate that user into the identity cache. Its supposed to be faster this way, and gets around some of the restrictions that AD may impose. For exmaple, I have heard about users unable to search using the AD User SMO as their AD  starts blocking K2 the moment K2 starts sending a large number of queries.

Hi,

I've already tried the following with NO luck unfortunately:

URMUser SMO Find Group Users Method:

1) Set Groupname to domain users

2) labelname to the usual label

3) Filter = Name = Userid of the user

Execution time:  3 Minutes... to get an actual result with the user in it

UMUSER SMO Get Group Users Method:

1) Set Groupname to domain users

2) labelname to the usual label

3) Filter = Name = Userid of the user

Execution time:  3 Minutes... to get an actual result with the user in it

Surely if the UM SMO are cached data, why is it still taking this long

...And this is directly from the K2 Tester Tool

Hey Sharpharp1

I have attached a document that demonstrates creating a User SmO to return K2's cached group members - just as a reference.   There is also another way to return group members which involves creating a copy of the K2 Management Group SmartObject. 

This can be done through Designer by clicking on the Managment Group SmartObject and then clicking 'Save As'. (I have attached a screenshot.) The 'Save As' feature will allow you to create a duplicate Group SmO without the system bindings that would prevent it from being Packaged. After clicking 'Save As', you can change the name of the new SmO and select which category to save it to. 

I beleive the Group SmartObject (and new copy)  pull directly from the data source and not the K2 cache. This could cut down on the time it takes to return the group members. 

 Edited: Grammer

It could be possible to lock down the runtime site in IIS so that only Domain users can access it, I have not tried this but could be possible, the Kb below explains how to do this for Designer but can be applicable for Runtime site as well. This will however lock it down for all runtime forms

https://help.k2.com/kb001309

HTH

Vernon

K2 will not accept any liability for any issues arising from actions taken in respect of the information provided by any forum member

Hi,

Thanks KtoZ, i followed the steps to create the new SMO and run it with the tester tool.

In the Tester Tool i entered the Group name: domain users

labelname: usual label,

the execute:

It's a little faster, but still takes 78 seconds to resolve the name...

Hi,

The Domain Users will always slow especially with large domain. The other consideration is, it might not query the latest information from AD. I would avoid it. Perhaps, this blog (K2 Smartforms Runtime Authorization) might help, you can create a K2 role and add the internal K2 group, 'Everyone' group in it.