We're updating some of our product names. K2 Five is now Nintex Automation. You may see both product names in our help pages while we make this change.

AD Service2

The AD Service2 Service Type provides read capabilities for Active Directory (AD) entities like Users, Groups and Organizational Units (OUs). It is commonly used to read user data from AD, or to list Group and OU membership. A service instance of this service type is registered automatically when you install K2.

Service Keys (Service Instance Configuration Settings)

Key	Can be modified	Data Type	Sample Value	Notes
LDAP	Yes	Text	OU1	The sequence of the LDAP entries must correspond with the NETBIOSNAME entries. Example: In this example two domains are configured; Domain1 and Domain2. LDAP: LDAP://DC=DOMAIN1,DC=COM; LDAP://DC=DOMAIN2,DC=COM NETBIOSNAME: DOMAIN1;DOMAIN2 .
NETBIOSNAME	Yes	Text	DOMAIN1.COM	The sequence in which the LDAP paths were added must correspond to the sequence in which the NETBIOSNAME were added.
RAISEERROR	Yes	True/ False
ResolveNestedGroups	Yes	True/ False		Default: False Activating this property could have performance implications for highly hierarchical group structures.

Service Objects

The Active Directory service exposes the following Service Objects:

AD Group
AD Organizational Unit
AD User

SmartObjects

K2 does not automatically create SmartObjects for the Service Objects in this service. SmartObjects can be automatically created by selecting the Generate SmartObjects for this Service Instance check box when creating a new Service Instance. Designers can use the SmartObject design tools to build advanced SmartObjects that leverage the Service Objects in this service. It is recommended to use the SmartObject design tools to create SmartObjects rather than generating SmartObjects, since this allows better control over the naming, behavior and design of the SmartObject and its methods and properties.

Configuring a filter on an AD Service2 service instance

This feature is only available when installing K2 Five (5.6) Fix Packs Fix Pack 2 or later.
This feature only applies to users and not to groups or organizational units.
See Sync Service for applying a filter on the AD Identity Sync level.

You can use an Active Directory attribute to filter users in your AD User SmartObjects of an AD Service2 service instance. For example if you have an organization with lots of users and you want to filter them according to their divisions, you can use the Division attribute in Active Directory to do this. By specifying a value for the attribute per user, you can filter users that belong to a specific division such as Operations. This filter applies on a service instance level and is applied to users of the AD User SmartObject. It does not apply to the AD Group or AD Organizational Unit SmartObjects.

Configure the filter

Follow the steps below to configure a filter on an AD Service2 service instance:

Open the Properties of a user in Active Directory Users and Computers and go to the Attribute Editor tab. Set the value of the attribute you want to use in your filter. The example below uses the Operations value for the Division attribute.
Edit the service instance in Management > Integration > Service Instances > Active Directory Service2 and set the values for the following settings:
- ADattributeFilterType: The attribute in Active Directory you want to filter on such as Division (single value).
- ADattributeFilterEnabled: Enables or disables the filter, where True=Enabled and False=Disabled.
- ADattributeFilterValue: The value for the attribute to filter users for example Operations (single value).
- ADattributeOperator: The operator you want to use for the filter. The only operators available are Equals or NotEquals, where Equals=determines if two values are equal, and NotEquals=determines if two values are not equal.
- ADattributeIncludeNonSet: Includes or excludes empty values in the filter, where True=Enabled and False=Disabled.
Click OK to update the service instance. The filter now applies to all AD User SmartObjects of this service instance.

Considerations

The default Service Instance of this service is used internally by the K2 environment. Do not modify or delete the existing service instance. You can create a new instance or use the methods from the existing instance
If you want to create folders in Active Directory to use with any of the SmartObject methods, you must use the Active Directory user interface to do this. You cannot use the AD User Create SmartObject method to create a folder in Active Directory.
Configuring a filter on an AD Service2 service instance:
- The filter is applied to users of the AD User SmartObject. For example when used in custom setups, such as using the AD User SmartObject as the data source for a Picker control, or when the AD User SmartObject is used as the default data source, such as the people picker in K2 for SharePoint.
- If you enabled the filter and want to disable it at a later stage, change the ADattributeFilterEnabled setting in your service instance to false.
- Once configuration is done on the service instance, the filter applies to all SmartObjects of that service instance.