We're updating some of our product names. K2 Five is now Nintex Automation. You may see both product names in our help pages while we make this change.

Active Directory User Manager message logging

Use the Active Directory User Manager logging to output logging information relating to integration with Active Directory. This is typically used to troubleshoot authentication or user information lookup issues. You can configure the Active Directory User Manager (ADUM) log level and size to prevent oversized log files that slow down the system. The configuration takes place in the HostServer.SecurityLabel table in the K2 database.

Log Level Configuration

Use the LogLevel setting to set the type of messages logged in ADUM. Use one or a combination of the following case-sensitive settings to control what is logged:

Error: Logs error messages only. This is the default level – new and upgraded environments will use this log level until changed by the user. User entered settings will be preserved in later upgrades
None: Logs nothing. The ‘None’ log level supersedes all others if using a combination of levels (e.g. Error, None).
Debug: Logs all debug messages; users and groups resolution as well as anything else that occurs within ADUM. We recommend not using the Debug level unless something specifically needs to be debugged in order to track a problem. The reason this level is not recommended is because the log files will grow very quickly and due to the volume of log entries there would be a severe performance impact on the server.
All: Logs at all levels except NONE. Note that this setting would put even more load on the environment than the Debug level and therefore is also not recommended unless necessary.

Log Size Configuration

Use the LogSize setting to set the maximum size of a log file in megabytes.

The ADUM log file will not be larger than the specified size, however once the file size reaches the limit, a new file will be created using the naming convention mentioned later in this topic. The default LogSize setting is 0, which allows an infinite file size.

Configuring LogLevel and LogSize

To configure ADUM logging, the following script needs to be run with the value of the users product security label’s RoleInit column copied from the HostServer.SecurityLabel table and pasted between the SET and WHERE statements (replacing the text in the code section below). Then add the LogLevel and LogSize section as in the second line of the RoleInit in the code below. In this example, LogLevel is set to log both Error and Debug messages with the file size not exceeding 1MB.

After executing the script, restart the product server.

Copy

Edit the RoleInit value and the LogLevel settings

1
2
3
4
5
6
7
8
9
10
11
12
13
-- for unconsolidated DBs before K2 4.7 the DB name is [K2HostServer]
USE [K2] GO 
UPDATE 
  [HostServer].[SecurityLabel] 
SET 
  [RoleInit] = '<roleprovider><init>ADCache=0;LDAPPath=LDAP://DC=F1,DC=COM;ResolveNestedGroups=False;IgnoreForeignPrincipals=False;

IgnoreUserGroups=False;MultiDomain=False;OnlyUseSecurityGroups=False;LogLevel=Error,Debug;LogSize=1;

DataSources=&amp;amp;lt;DataSources&gt;&lt;DataSource Path="LDAP://DC=F1,DC=COM" NetBiosName="F1" /&gt;&lt;/DataSources&gt;;;</init><login/><implementation assembly="ADUM, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16a2c5aaaa1b130d" type="ADUM.K2UserManager2"/><properties><user><property name="Name" type="System.String"/><property name="Description" type="System.String"/><property name="Email" type="System.String"/><property name="Manager" type="System.String"/><property name="SipAccount" type="System.String"/><property name="ObjectSID" type="System.String"/><property name="DisplayName" type="System.String"/><property name="CommonName" type="System.String"/><property name="UserPrincipalName" type="System.String"/></user><group><property name="Name" type="System.String"/><property name="Description" type="System.String"/><property name="Email" type="System.String"/></group></properties></roleprovider>' 
WHERE 
  SecurityLabelName = 'K2' GO

Considerations

Every time the server restarts, it creates a new log file.
The log file is named AdumError[Date]_[Increment].log where [Date] is the date the file was created and [Increment] is the number of the file per date. This number will increment when a new file is created on the same day as an already existing file (file size reached, or server restarted on the same day).