Domains
The product adds a Default Domain based on the domain of the account used to install the product. If an organization has multiple Active Directory (AD) domains, or a new domain is added to the organization's AD infrastructure, those additional domains are not discovered automatically and do not appear in administration tools. Additional domains must be added when necessary. You can also edit and remove existing domain entries and change the domain the product is part of. These operations should preferably be performed using this Domains page in the Management Site. See the Considerations section for additional notes about multiple domains before you make any changes on the Domains screen.
Follow these steps to add a domain:
- On the Domains page, click Add.
- The Add Domain screen will open. Provide the values for the new domain, referring to the table below for specifics.
| Field | Description |
| --- | --- |
| Net BIOS Name | This is the NETBIOS name of the domain. You can locate this name by querying the general properties of the domain using the Active Directory Domains and Trusts tool. |
| LDAP Path | This is the LDAP path of the target domain (effectively a connection string). This is usually in the format LDAP://[distinguishedName]. For example: LDAP://DC=denallix,DC=com. The exact value you need to enter will depend on your AD configuration; check with your AD administrator to determine the LDAP path for the target domain. |

- Click OK to apply the change.
- A Warning message will be displayed. You can ignore this message as the Workspace web.config file is no longer available.
Follow these steps to edit a domain:
- Select the domain to edit.
- Click Edit.
- Apply the required changes using the table in Adding a Domain for reference.
- Click OK.
Follow these steps to remove a domain:
- Select the domain to remove.
- Click Remove.
- Click OK on the warning message.
- A Warning message will be displayed. You can ignore this message as the Workspace web.config file is no longer available.
Follow these steps to refresh the list of domains:
- Select the domain to refresh.
- Click Refresh List.
Use the following steps to change the server's domain:
- Add the new domain to your environment. See the Adding a Domain section of this topic.
- Re-run the Setup Manager, selecting the Configure option to configure the product for the new domain.
- Run the following SQL script to update the HostServer.Security table in the K2 database to refer to the new domain. Make sure to change the NEWDOMAIN and OLDDOMAIN placeholders in the script to your domain names:
SQL script to update the HostServer.Security table
-- Replace NEWDOMAIN, OLDDOMAIN and the DC= components with your own values before running.
USE [K2]
GO
UPDATE
[HostServer].[SecurityLabel]
SET
[AuthInit] = '<AuthInit><Domain>NEWDOMAIN</Domain><Domain>OLDDOMAIN</Domain></AuthInit>',
[RoleInit] = N'<roleprovider><init>ADCache=0;LDAPPath=LDAP://DC=NEWDOMAIN,DC=***,DC=***,DC=AU;ResolveNestedGroups=False;IgnoreForeignPrincipals=False;IgnoreUserGroups=False;MultiDomain=true;OnlyUseSecurityGroups=False;LogLevel=Error;LogSize=0;DataSources=<DataSources><DataSource Path="LDAP://DC=NEWDOMAIN,DC=***,DC=***,DC=AU" NetBiosName="NEWDOMAIN" /><DataSource Path="LDAP://DC=OLDDOMAIN,DC=LOCAL" NetBiosName="OLDDOMAIN" /></DataSources></init><login /><implementation assembly="ADUM, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16a2c5aaaa1b130d" type="ADUM.K2UserManager2" /><properties><user><property name="Name" type="System.String" /><property name="Description" type="System.String" /><property name="Email" type="System.String" /><property name="Manager" type="System.String" /><property name="SipAccount" type="System.String" /><property name="ObjectSID" type="System.String" /><property name="DisplayName" type="System.String" /><property name="CommonName" type="System.String" /><property name="UserPrincipalName" type="System.String" /></user><group><property name="Name" type="System.String" /><property name="Description" type="System.String" /><property name="Email" type="System.String" /></group></properties></roleprovider>'
WHERE
[SecurityLabelName] = 'K2'
GO
- Restart the server.
References to the old domain are changed to the new domain.
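A pre-flight check for the two values written by the SQL script above, as an added example that is not part of the original documentation or the product. It parses the edited AuthInit and RoleInit strings and reports leftover placeholders, malformed XML, and domains that appear in one value but not the other; the function name, the sample domain names and the rule that every AuthInit domain should have a matching DataSource are assumptions drawn from the shape of the script.

```python
import xml.etree.ElementTree as ET

PLACEHOLDERS = ("NEWDOMAIN", "OLDDOMAIN", "***")  # template markers used in the script

# Constructed sample values (shortened RoleInit; the domain names are made up)
SAMPLE_AUTH = "<AuthInit><Domain>CORP</Domain><Domain>LEGACY</Domain></AuthInit>"
SAMPLE_ROLE = (
    "<roleprovider><init>ADCache=0;LDAPPath=LDAP://DC=corp,DC=example,DC=com;"
    "MultiDomain=true;DataSources=<DataSources>"
    '<DataSource Path="LDAP://DC=corp,DC=example,DC=com" NetBiosName="CORP" />'
    '<DataSource Path="LDAP://DC=legacy,DC=local" NetBiosName="LEGACY" />'
    "</DataSources></init><login /></roleprovider>"
)

def check_security_label(auth_init, role_init):
    """Return a list of problems found in the two column values (hypothetical helper)."""
    problems = [f"{col}: placeholder {m!r} not replaced"
                for col, val in (("AuthInit", auth_init), ("RoleInit", role_init))
                for m in PLACEHOLDERS if m in val]
    try:
        auth, role = ET.fromstring(auth_init), ET.fromstring(role_init)
    except ET.ParseError as exc:
        return problems + [f"malformed XML: {exc}"]
    init = role.find("init")
    if init is None:
        return problems + ["RoleInit: <init> element missing"]
    domains = {d.text.strip().upper() for d in auth.findall("Domain") if d.text}
    # <init> holds "key=value;" settings as text, followed by the <DataSources> element
    settings = dict(p.split("=", 1) for p in (init.text or "").split(";") if "=" in p)
    sources = {ds.get("NetBiosName", "").upper(): ds.get("Path", "")
               for ds in init.iter("DataSource")}
    # Assumption: each AuthInit domain pairs with one DataSource, as in the script
    for dom in sorted(domains - set(sources)):
        problems.append(f"AuthInit domain {dom} has no DataSource entry")
    for nb in sorted(set(sources) - domains):
        problems.append(f"DataSource {nb} is not listed in AuthInit")
    for nb, path in sources.items():
        if not path.upper().startswith("LDAP://"):
            problems.append(f"DataSource {nb}: path {path!r} is not an LDAP path")
    if settings.get("LDAPPath") not in sources.values():
        problems.append("LDAPPath does not match any DataSource Path")
    return problems

if __name__ == "__main__":
    print(check_security_label(SAMPLE_AUTH, SAMPLE_ROLE) or "no problems found")
```

Paste the exact strings from your edited script into the function before running the UPDATE; an empty list means the two values agree with each other, not that the LDAP paths are reachable.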
Considerations
- Whenever domains are added, removed or edited, the K2 service must be restarted. If you have multiple machines in the same farm, you need to restart the service on each server.
- The default domain cannot be deleted.
- Parent-child domains are supported.
- If using domains in different forests, a one- or two-way trust relationship must be established. The type of trust relationship required depends on your environment.
- If a Service Instance requires domain configuration, such as the Active Directory Service 2 and the Account Management Service, you must also update the domain on the Configure Service Instance page in Management as shown below.