K2 Workflow Wizards - Active Directory
The Active Directory Wizards allow certain Active Directory based actions to be automatically performed during the Workflow. These actions are displayed on the navigation bar as displayed below:
Fig. 1. Active Directory Wizards
| Feature | What it is |
|---|---|
| Create New User | Allows the workflow creator to create a new user in Active Directory as part of the Workflow |
| Update User | Allows the workflow creator to update an Active Directory user's details as part of the Workflow |
| Disable User | Presents the workflow creator with the option to disable a particular user's Active Directory account |
| Add User to Group | Allows the workflow creator to add a specific user to a an Active Directory group |
| Remove User From Group | Allows the workflow creator to remove a specific user from an Active Directory group |
| Remove User From All Groups | Presents the workflow creator with the option to remove a specific user from all Active Directory groups |
| Create Group | Allows the workflow creator to create an Active Directory group as part of the Workflow |
| Update Group | Allows the workflow creator to update the details of an Active Directory group |
| Remove Group | Presents the workflow creator with the option to remove a particular group from Active Directory |
| Add Members To Group | Allows the workflow creator to add multiple users or groups (members) to an Active Directory group |
| Remove Members From Group | Allows the workflow creator to remove multiple users or groups (members) from an Active Directory group |
 |
The Active Directory Event Wizard requires Active Directory Server Windows 2000 Functional Level or greater. |
Permissions
In order for the K2 Active Directory Events to perform the action that has been configured, the correct user permissions must be available to the action. There are two possible ways to provide these:
1) The K2 Service account needs to have at least Account Operator permissions, i.e. be a part of the Account Operator group.
OR
2) The wizard needs to be configured with the credentials of a user that has at least Account Operator permissions.
Be aware that Account Operators can't manage the Administrator user account, the user accounts of administrators, or the group accounts Administrators, Server Operators, Account Operators, Backup Operators, and Print Operators. Account Operators also can't modify user rights.
If you wish to use the wizard to perform any of these tasks, you will need to give the K2 Service Account Administrator permission, or run the Wizard as a user with Administrator permissions. However, it is advised that great care be taken when adding users to this group (See http://technet.microsoft.com/en-us/library/bb726982.aspx)
 |
If the K2 Service account does not have Account Operator permissions and you manually add them, the K2 Host Server needs to be restarted before the changes will be in effect. This is needed because the server caches the K2 Service Account credentials. |
* The Active Directory wizard is only available in K2 blackpearl.
