Re: AD user name changed, IIS still sees old user name
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 03/29/05
- Next message: Aaron: "Re: AD user name changed, IIS still sees old user name"
- Previous message: Leon Mayne [MVP]: "Re: SMTSVC ?"
- In reply to: Aaron: "AD user name changed, IIS still sees old user name"
- Next in thread: Aaron: "Re: AD user name changed, IIS still sees old user name"
- Reply: Aaron: "Re: AD user name changed, IIS still sees old user name"
- Reply: Aaron: "Re: AD user name changed, IIS still sees old user name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Mar 2005 14:33:00 -0800
Did you change the user's name, user's SID, or both?
IIS definitely caches user tokens for performance reasons (can't be hitting
the DC on every single request...), and since the DC doesn't tell IIS when
such AD data changes, you'll have to do it yourself. Restarting IIS (either
recycling the ApplicationPool or W3SVC service) should be sufficient to
clear out the user tokens. I also believe IIS refreshes such user tokens
after 15 minutes or so, so unless you are in a hurry, things should just
magically work.
Now, ASP.Net/.Net Framework may do its own caching, and since
Context.User.Identity is within ASP.Net, you will need to make sure their
caches are cleared as well.
-- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Aaron" <Aaron@discussions.microsoft.com> wrote in message news:FB8ED038-3A44-4FE1-904E-C52ACF19CAD4@microsoft.com... We have an ASP.NET application running on Windows Server 2003, using IIS 6.0, and integrated windows authentication with SQL Server 2000 on the back-end. We store active directory user names in the SQL Server database for use in mapping application user accounts to active directory user accounts. We created a user account for one of our users some time last year (i.e. - _joeuser), and added them to the database as an active user (i.e. - inserted "_joeuser" into user's table). This year the user's name was changed in Active Directory from "_joeuser" to "jimuser". Of course, we also updated the user name in the application's user table. The problem is, even though we have changed the name in both Active Directory and in the user table in the database, when calling Context.User.Identity from within our ASP.NET application we receive the old user name when the user connects to the site (i.e. - "_joeuser"). Neither restarting IIS nor restarting the worker process fixes the problem. A full server reboot will fix the problem; however, we do not want to reboot one of the servers everytime we change a username in Active Directory. Is there a way to force these changes down to the server(s) on-demand when making this kind of user name change in the Active Directory? Additionally, we also wrote a small tool to query the AD from the command-line on the web server, and it is able to find the SID for the new user name (i.e. - "jimuser") as expected. When the tool is asked to query the AD for a SID for the old user name (i.e. - "_joeuser"), it cannot find the name as expected. Any ideas or thoughts would be greatly appreciated! We have a developer who is "on-the-edge" as a result of this issue, and we are trying to solve his problem. Thank you, Aaron
- Next message: Aaron: "Re: AD user name changed, IIS still sees old user name"
- Previous message: Leon Mayne [MVP]: "Re: SMTSVC ?"
- In reply to: Aaron: "AD user name changed, IIS still sees old user name"
- Next in thread: Aaron: "Re: AD user name changed, IIS still sees old user name"
- Reply: Aaron: "Re: AD user name changed, IIS still sees old user name"
- Reply: Aaron: "Re: AD user name changed, IIS still sees old user name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
