Domains
K2 will add a Default Domain based on the domain of the account used to install K2. If an organization has multiple Active Directory (AD) domains or a new domain is added to the organization’s AD infrastructure, those additional domains will not automatically be discovered by K2 or appear in K2 administration tools. Additional domains must be added when necessary. You can also edit and delete existing domain entries. Any of these operations should preferably be performed using this Domains page in the K2 Management Site. See the Domains section for additional notes about multiple domains before you perform any demonstrative changes on the Domains screen.
Follow these steps to add a domain:
- On the Domains page, click Add.
- The Add Domain screen will open. Provide the values for the new domain, referring to the table below for specifics.
| Field | Description |
| --- | --- |
| Net BIOS Name | This is the NETBIOS name of the domain. You can locate this name by querying the general properties of the domain using the Active Directory Domains and Trusts tool. |
| LDAP Path | This is the LDAP path of the target domain (effectively a connection string). This is usually in the format LDAP://[distinguishedName], for example LDAP://DC=denallix,DC=com. The exact value you need to enter will depend on your AD configuration; check with your AD administrator to determine the LDAP path for the target domain. |

- Click OK to apply the change.
- A Warning message will be displayed. Ensure the ADConnectionString is modified in the K2 Workspace.web.config as described in Domains. Click OK.
Follow these steps to edit a domain.
- Select the domain to edit.
- Click Edit.
- Apply the required changes using the table in Domains for reference.
- Click OK.
Follow these steps to remove a domain.
- Select the domain to remove.
- Click Remove.
- Click OK on the warning message.
- A Warning message will be displayed. Ensure the ADConnectionString is removed from the K2 Workspace.web.config (use Domains to determine which entries to remove). Click OK.
Follow these steps to refresh the list of domains.
- Select the domain to refresh.
- Click Refresh List.
When using multiple domains it is also important to modify the K2 Workspace Web site to authenticate for each domain. Follow these steps to edit the site as needed:
- Open the web.config file corresponding to the Workspace Web site, typically located at [Program Files(x86)]\K2 blackpearl\Workspace\Site
- Add a new AD connection string in the connectionStrings section. For example:
<add name="ADConnectionString2" connectionString="LDAP://Domain2.com" />
- In the membership section, add a new provider pointing to the newly added connection string. The connection string name needs to be unique and must match the name used in Step 2. For example:
<add connectionStringName="ADConnectionString2" connectionProtection="Secure"
enablePasswordReset="false" enableSearchMethods="true" requiresQuestionAndAnswer="false"
applicationName="/" description="Default AD connection" requiresUniqueEmail="false"
clientSearchTimeout="30" serverSearchTimeout="30" attributeMapUsername="sAMAccountName"
name="AspNetActiveDirectoryMembershipProvider_Domain2" type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
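A check you can run against the edited web.config before restarting the service, given here as an added example that is not part of the K2 documentation or product. It confirms that every Active Directory membership provider points at a defined LDAP connection string, that names are unique, and that connectionProtection is still "Secure". The sample configuration is constructed, and the default provider name and the mistyped "ADConnectionString3" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (not from a real K2 install). The second provider has a
# mistyped connectionStringName and a weakened connectionProtection.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://DC=denallix,DC=com" />
    <add name="ADConnectionString2" connectionString="LDAP://Domain2.com" />
  </connectionStrings>
  <system.web><membership><providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
         connectionStringName="ADConnectionString" connectionProtection="Secure"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web" />
    <add name="AspNetActiveDirectoryMembershipProvider_Domain2"
         connectionStringName="ADConnectionString3" connectionProtection="None"
         type="System.Web.Security.ActiveDirectoryMembershipProvider,System.Web" />
  </providers></membership></system.web>
</configuration>"""


def check_ad_config(xml_text):
    """Return findings for LDAP connection strings and AD membership providers."""
    root = ET.fromstring(xml_text)
    conns = [a for a in root.findall("connectionStrings/add")
             if a.get("connectionString", "").upper().startswith("LDAP://")]
    provs = [a for m in root.iter("membership") for a in m.findall("providers/add")
             if "ActiveDirectoryMembershipProvider" in a.get("type", "")]
    findings = []
    # Names must be unique within each section.
    for kind, items in (("connection string", conns), ("provider", provs)):
        for name, count in Counter(i.get("name") for i in items).items():
            if count > 1:
                findings.append(f"duplicate {kind} name: {name}")
    defined = {c.get("name") for c in conns}
    for p in provs:
        ref = p.get("connectionStringName")
        if ref not in defined:
            findings.append(f"{p.get('name')}: undefined connection string {ref}")
        if p.get("connectionProtection") != "Secure":
            findings.append(f"{p.get('name')}: connectionProtection is not Secure")
    # Entries left behind after a domain was removed, or never wired up.
    used = {p.get("connectionStringName") for p in provs}
    for name in sorted(defined - used):
        findings.append(f"{name}: LDAP connection string has no provider")
    return findings


if __name__ == "__main__":
    print("\n".join(check_ad_config(SAMPLE_WEB_CONFIG)) or "no findings")
```

To check a real file, pass its contents to check_ad_config; an empty list means the two sections agree.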
Considerations
- Whenever domains are added, removed or edited, the K2 blackpearl service must be restarted. If you have multiple machines in the same farm, you need to restart the service on each server.
- The default domain cannot be deleted.
- Parent-child domains are supported.
- If using domains in different forests, a one- or two-way trust relationship must be established. The type of trust relationship required depends on your environment.
- When using multiple domains it is also important to modify the K2 Workspace Web site to authenticate for each domain. See Domains.