Change LDAP string to use a specific Domain Controller server

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.


We want to force the K2 server to use a specific Domain Controller. How do we do that?

Before You Begin

You will have to modify the LDAP string to use the Domain Controller you want to use, as described in this article:

You can also make sure the K2 Server is able to reach the Domain Controller using the "nltest" command, as per this article:

We built the string as follows:


 Where is the domain controller that needs to be used.

Note that if this domain controller becomes unavailable, K2 functionality will be impacted. Especially in older versions, K2 might not work at all.

How-to Steps

You can go to K2 Workspace / Management then browse to your User Manager -> K2 security label where you should see all your registered domains with their respective LDAP:// or GC:// strings.

You can edit the LDAP:// or GC:// strings there to only use one Domain Controller as per the above.

If there is only one domain registered then this LDAP string can not be edited, therefore you will have to make changes directly in the K2 database. Please log a support ticket to get help with modifying the XML in the RoleInit column for the "K2" Security Label in the [HostServer].[SecurityLabel] table.

Please restart your K2 Service for the changes to take effect.