K2 BLACKPEARL PRODUCT DOCUMENTATION: USER GUIDE
Active Directory Event Wizard - Overview


Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources. It presents a hierarchical organization structure that provides a single point of access for system administration (management of user accounts, clients, servers, and applications, for example) to reduce redundancy and errors.

The K2 Active Directory Event Wizard provides workflow access to specific Active Directory related events, as listed below:

These events enable a workflow creator to design a workflow that uses the functions of Active Directory. Note that the process event requires the correct permissions to perform these tasks. If the K2 Server Service account does not have these permissions, use the Run As function to supply the event with the correct user identity.

The Active Directory Event Wizard requires Active Directory Server Windows 2000 Functional Level or greater.

Permissions

In order for the K2 Active Directory Event to perform the action that has been configured, the correct user permissions must be available to the action. There are two possible ways to provide these:

1) The K2 Service account needs to have at least Account Operator permissions, i.e. be a part of the Account Operator group.

OR

2) The wizard needs to be configured with the 'Run As' rights of a user that has at least Account Operator permissions. See Run As - Runtime versus Design-time.

Be aware that Account Operators can't manage the Administrator user account, the user accounts of administrators, or the group accounts Administrators, Server Operators, Account Operators, Backup Operators, and Print Operators. Account Operators also can't modify user rights.

If you wish to use the wizard to perform any of these tasks, you will need to give the K2 Service Account Administrator permission, or run the wizard as a user with Administrator permissions. However, it is advised that great care be taken when adding users to this group (see http://technet.microsoft.com/en-us/library/bb726982.aspx).

If the K2 Service account does not have Account Operator permissions and you manually add them, the K2 Host Server needs to be restarted before the changes take effect. This is needed because the server caches the K2 Service Account credentials.
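
One way to check which of the two groups discussed above the K2 Service account (or a Run As identity) actually belongs to, as an added example that is not part of the K2 documentation. It assumes the ActiveDirectory PowerShell module is installed; the account name `svc-k2-placeholder` and the function name `Get-K2AccountPrivilege` are hypothetical.

```powershell
# Added example: report whether an account is in Account Operators and/or Administrators.
# Requires the ActiveDirectory module (RSAT). Run it with rights to read group membership.
Import-Module ActiveDirectory

function Get-K2AccountPrivilege {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName
    )

    $user = Get-ADUser -Identity $SamAccountName

    # The two groups this page discusses: the stated minimum for the wizard,
    # and the broader group it advises care with.
    $groups = 'Account Operators', 'Administrators'

    $result = [ordered]@{ Account = $user.SamAccountName }
    foreach ($g in $groups) {
        # -Recursive resolves nested groups, so indirect membership
        # (for example through Domain Admins) is reported as well.
        $members = Get-ADGroupMember -Identity $g -Recursive
        $result[$g] = [bool]($members |
            Where-Object { $_.SID.Value -eq $user.SID.Value })
    }
    [pscustomobject]$result
}

# Placeholder account name: replace with the real K2 Service or Run As account.
$report = Get-K2AccountPrivilege -SamAccountName 'svc-k2-placeholder'
$report | Format-List

if ($report.Administrators) {
    Write-Warning 'Account is in Administrators: broader than the Account Operators minimum.'
}
elseif (-not $report.'Account Operators') {
    Write-Warning 'Account is not in Account Operators: add it (then restart the K2 Host Server) or configure Run As.'
}
```

Running the same check against the Run As identity shows whether option 2 above is satisfied without widening the service account's own rights.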

Troubleshooting

If the K2 environment does not use Active Directory, a K2 Process configured with the Active Directory Event Wizard will only go into an error state once a process instance executes the Active Directory event.


K2 blackpearl Help 4.6.11 (4.12060.1731.0)