Domains
K2 will add a Default Domain based on the domain of the account used to install K2. If an organization has multiple Active Directory (AD) domains or a new domain is added to the organization's AD infrastructure, those additional domains will not automatically be discovered by K2 or appear in K2 administration tools. Additional domains must be added when necessary. You can also edit and remove existing domain entries and change the domain K2 is part of. Any of these operations should preferably be performed using this Domains page in the K2 Management Site. See the Considerations section for additional notes about multiple domains before you make any changes on the Domains screen.
Follow these steps to add a domain:
- On the Domains page, click Add.
- The Add Domain screen will open. Provide the values for the new domain, referring to the table below for specifics.
| Field | Description |
| --- | --- |
| Net BIOS Name | This is the NetBIOS name of the domain. You can locate this name by querying the general properties of the domain using the Active Directory Domains and Trusts tool. |
| LDAP Path | This is the LDAP path of the target domain (effectively a connection string). This is usually in the format LDAP://[distinguishedName], for example: LDAP://DC=denallix,DC=com. The exact value you need to enter will depend on your AD configuration; check with your AD administrator to determine the LDAP path for the target domain. |
- Click OK to apply the change.
- A Warning message will be displayed. You can ignore this message as the K2 Workspace web.config file is no longer available.
Follow these steps to edit a domain.
- Select the domain to edit.
- Click Edit.
- Apply the required changes using the table in Adding a Domain for reference.
- Click OK.
Follow these steps to remove a domain.
- Select the domain to remove.
- Click Remove.
- Click OK on the warning message.
- A Warning message will be displayed. You can ignore this message as the K2 Workspace web.config file is no longer available.
Follow these steps to refresh the list of domains.
- Select the domain to refresh.
- Click Refresh List.
Use the following steps to change the K2 server's domain:
- Add the new domain to your K2 environment. See the Adding a Domain section of this topic.
- Re-run the K2 Setup Manager, selecting the Configure option to configure K2 for the new domain.
- Run the following SQL script to update the HostServer.Security table in the K2 database to refer to the new domain. Make sure to change the NEWDOMAIN and OLDDOMAIN placeholders in the script to your domain names:
SQL script to update the HostServer.Security table
```sql
USE [K2]
GO
-- Replace the NEWDOMAIN and OLDDOMAIN placeholders before running.
UPDATE
    [HostServer].[SecurityLabel]
SET
    [AuthInit] = '<AuthInit><Domain>NEWDOMAIN</Domain><Domain>OLDDOMAIN</Domain></AuthInit>',
    [RoleInit] = N'<roleprovider><init>ADCache=0;LDAPPath=LDAP://DC=NEWDOMAIN,DC=***,DC=***,DC=AU;ResolveNestedGroups=False;IgnoreForeignPrincipals=False;IgnoreUserGroups=False;MultiDomain=true;OnlyUseSecurityGroups=False;LogLevel=Error;LogSize=0;DataSources=<DataSources><DataSource Path="LDAP://DC=NEWDOMAIN,DC=***,DC=***,DC=AU" NetBiosName="NEWDOMAIN" /><DataSource Path="LDAP://DC=OLDDOMAIN,DC=LOCAL" NetBiosName="OLDDOMAIN" /></DataSources></init><login /><implementation assembly="ADUM, Version=4.0.0.0, Culture=neutral, PublicKeyToken=16a2c5aaaa1b130d" type="ADUM.K2UserManager2" /><properties><user><property name="Name" type="System.String" /><property name="Description" type="System.String" /><property name="Email" type="System.String" /><property name="Manager" type="System.String" /><property name="SipAccount" type="System.String" /><property name="ObjectSID" type="System.String" /><property name="DisplayName" type="System.String" /><property name="CommonName" type="System.String" /><property name="UserPrincipalName" type="System.String" /></user><group><property name="Name" type="System.String" /><property name="Description" type="System.String" /><property name="Email" type="System.String" /></group></properties></roleprovider>'
WHERE
    [SecurityLabelName] = 'K2'
GO
```
- Restart the K2 server.
References to the old domain are changed to the new domain.
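Because the AuthInit and RoleInit values decide which directories K2 authenticates against, it is worth checking them before running the UPDATE. The following is an added example, not K2's own code: a pre-flight check that flags leftover placeholders and mismatches between the two values. The consistency rules are inferred from the sample script on this page, and the CONTOSO/FABRIKAM values and the function name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample values shaped like the script above; CONTOSO and FABRIKAM are made up.
AUTH_INIT = "<AuthInit><Domain>CONTOSO</Domain><Domain>FABRIKAM</Domain></AuthInit>"
ROLE_INIT = (
    "<roleprovider><init>ADCache=0;LDAPPath=LDAP://DC=contoso,DC=com;MultiDomain=true;"
    "DataSources=<DataSources>"
    '<DataSource Path="LDAP://DC=contoso,DC=com" NetBiosName="CONTOSO" />'
    '<DataSource Path="LDAP://DC=fabrikam,DC=local" NetBiosName="FABRIKAM" />'
    "</DataSources></init><login /></roleprovider>"
)

# Assumption: only the DC=-only path form shown on this page is accepted.
LDAP_PATH = re.compile(r"^LDAP://DC=[A-Za-z0-9-]+(,DC=[A-Za-z0-9-]+)*$")
# Placeholder text from the page's script that must not reach the database.
PLACEHOLDER = re.compile(r"NEWDOMAIN|OLDDOMAIN|\*\*\*")

def check_security_label(auth_init, role_init):
    """Return a list of problems; an empty list means the two values agree."""
    problems = []
    for name, value in (("AuthInit", auth_init), ("RoleInit", role_init)):
        if PLACEHOLDER.search(value):
            problems.append(f"{name}: placeholder text left in value")
    try:
        auth, role = ET.fromstring(auth_init), ET.fromstring(role_init)
    except ET.ParseError as exc:
        return problems + [f"value is not well-formed XML: {exc}"]
    auth_domains = {d.text.strip().upper() for d in auth.iter("Domain") if d.text}
    sources = {}  # NetBIOS name -> LDAP path
    for ds in role.iter("DataSource"):
        path = ds.get("Path", "")
        sources[ds.get("NetBiosName", "").upper()] = path
        if not LDAP_PATH.match(path):
            problems.append(f"DataSource path not in LDAP://DC=... form: {path!r}")
    if auth_domains != set(sources):
        problems.append(f"AuthInit domains {sorted(auth_domains)} differ from "
                        f"DataSource names {sorted(sources)}")
    # The key=value settings are the leading text of <init>, before <DataSources>.
    init = role.find("init")
    text = init.text if init is not None and init.text else ""
    settings = dict(kv.split("=", 1) for kv in text.split(";") if "=" in kv)
    if settings.get("LDAPPath") not in sources.values():
        problems.append("LDAPPath does not match any DataSource path")
    return problems

if __name__ == "__main__":
    print(check_security_label(AUTH_INIT, ROLE_INIT) or "consistent")
```

If your LDAP paths include a server name or OU components, loosen the `LDAP_PATH` pattern to match what your AD administrator provides.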
Considerations
- Whenever domains are added, removed or edited, the K2 service must be restarted. If you have multiple machines in the same farm, you need to restart the service on each server.
- The default domain cannot be deleted.
- Parent-child domains are supported.
- If using domains in different forests, a one- or two-way trust relationship must be established. The type of trust relationship required depends on your environment.
- If a Service Instance requires domain configuration such as the Active Directory Service 2 and the Account Management Service, you must also update the domain on the Configure Service Instance page in K2 Management as shown below.