Re: AD user name changed, IIS still sees old user name

From: Aaron (Aaron_at_discussions.microsoft.com)
Date: 03/29/05


Date: Mon, 28 Mar 2005 18:07:03 -0800

David,

We did not change the user's SID, only the user's logon username. The
change was made a couple weeks ago in fact, so it should not still be cached
by IIS. This is what puzzles us the most, and why we are asking the question
here. If ASP.NET was caching credentials in session or application memory
space, this should be cleared when an IIS reset is performed and the worker
process is recycled. This is why we are wondering what we are doing wrong.
Please advise.

Thanks,

Aaron

"David Wang [Msft]" wrote:

> Did you change the user's name, user's SID, or both?
>
> IIS definitely caches user tokens for performance reasons (can't be hitting
> the DC on every single request...), and since the DC doesn't tell IIS when
> such AD data changes, you'll have to do it yourself. Restarting IIS (either
> recycling the ApplicationPool or W3SVC service) should be sufficient to
> clear out the user tokens. I also believe IIS refreshes such user tokens
> after 15 minutes or so, so unless you are in a hurry, things should just
> magically work.
>
> Now, ASP.Net/.Net Framework may do its own caching, and since
> Context.User.Identity is within ASP.Net, you will need to make sure their
> caches are cleared as well.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //


