AD user name changed, IIS still sees old user name
From: Aaron (Aaron_at_discussions.microsoft.com)
Date: 03/28/05
- Next message: Backup: "IIS6 to block someone from sharing files"
- Previous message: Jeff Cochran: "Re: DMZ access for internal and external users"
- Next in thread: David Wang [Msft]: "Re: AD user name changed, IIS still sees old user name"
- Reply: David Wang [Msft]: "Re: AD user name changed, IIS still sees old user name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Mar 2005 11:49:01 -0800
We have an ASP.NET application running on Windows Server 2003, using IIS 6.0,
and integrated windows authentication with SQL Server 2000 on the back-end.
We store active directory user names in the SQL Server database for use in
mapping application user accounts to active directory user accounts. We
created a user account for one of our users some time last year (i.e. -
_joeuser), and added them to the database as an active user (i.e. - inserted
"_joeuser" into user's table). This year the user's name was changed in
Active Directory from "_joeuser" to "jimuser". Of course, we also updated
the user name in the application's user table.
The problem is, even though we have changed the name in both Active
Directory and in the user table in the database, when calling
Context.User.Identity from within our ASP.NET application we receive the old
user name when the user connects to the site (i.e. - "_joeuser"). Neither
restarting IIS nor restarting the worker process fixes the problem. A full
server reboot will fix the problem; however, we do not want to reboot one of
the servers everytime we change a username in Active Directory. Is there a
way to force these changes down to the server(s) on-demand when making this
kind of user name change in the Active Directory?
Additionally, we also wrote a small tool to query the AD from the
command-line on the web server, and it is able to find the SID for the new
user name (i.e. - "jimuser") as expected. When the tool is asked to query
the AD for a SID for the old user name (i.e. - "_joeuser"), it cannot find
the name as expected.
Any ideas or thoughts would be greatly appreciated! We have a developer who
is "on-the-edge" as a result of this issue, and we are trying to solve his
problem.
Thank you,
Aaron
- Next message: Backup: "IIS6 to block someone from sharing files"
- Previous message: Jeff Cochran: "Re: DMZ access for internal and external users"
- Next in thread: David Wang [Msft]: "Re: AD user name changed, IIS still sees old user name"
- Reply: David Wang [Msft]: "Re: AD user name changed, IIS still sees old user name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
