Introduction

When using a Forest naming convention such as:

Forest 1: Domain.com; and

Forest 2: Sub.Domain.com,

Active Directory natively interprets the second Forest as a child domain of the first Forest instead of another Forest. When searching for users in the second Forest in K2, they will not be returned as K2 is searching for users under the child domain.

Error Scenario

  • Create two Forests with the following naming convention:
    • Forest 1 – Domain.com (K2 is on this Forest)
    • Forest 2 – Sub.Domain.com (This Forest is interpreted as a child domain due to the naming convention, and not another Forest)
  • Add the following domain for Forest 2:
    • NETBIOS Name: Sub                      
    • LDAP: //IPAddress/DC=Sub,DC=Domain,DC=com

The domain can be added in Workspace > Management Console > User Managers > K2 > Domains

When using this configuration, the following issues might occur:

  • Unable to find users in  a group using the UMUser Out of the Box SmartObject for Forest 2
  • Unable to find groups for a user using the UMGroup Out of the Box SmartObject for Forest 2
  • When using users/groups from Forest 2 as destination users in a K2 process, they will not receive worklist items

Resolution

This Hotfix is contained within the latest K2 Update.

Add the second forest in Workspace > Management Console > User Managers > K2 > Domains – with the IPAddress specification instead of using the servername