Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Security / March 2008

Tip: Looking for answers? Try searching our database.

Renamed AD user accounts and Integrated Windows authentication in IIS 6.0?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Usenet User - 14 Mar 2008 21:30 GMT
Here is the issue: some user accounts were renamed in our Windows
2003-based Active Directory. These users successfully log in with
their new user IDs into the domain. However, when they try to access
our IIS 6.0-based ASP.NET applications that use Integrated Windows
Authentication, the IIS still recognizes them under their old user IDs
(???)

We tried to restart the IIS, but it did not help. We also asked users
to try from different workstations--same story. The client machines
have Win XP Pro.

What is the reason for that and how can it be fixed?

TIA!
Reply to this Message
Joe Kaplan - 14 Mar 2008 22:06 GMT
Have you rebooted the web servers?  The LSA caches SIDs, so it is possible
that it is just going off a cached value.

It is also possible that the domain controller your web servers are talking
to have not picked up the replication of the name change yet, so the remote
call to do the name translation is still returning the old name.

This should eventually fix itself one way or the other unless you didn't
change the name the way you think you did.  For example, you could have
changed the UPN in AD and then logged in with the new UPN but if you didn't
change the sAMAccountName as well, ASP.NET would continue to show the old
sAMAccountName in the username.

Joe K.

Signature

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

> Here is the issue: some user accounts were renamed in our Windows
> 2003-based Active Directory. These users successfully log in with
[quoted text clipped - 10 lines]
>
> TIA!
Reply to this Message
Usenet User - 18 Mar 2008 17:43 GMT
Rebooting the web server (not just IIS) indeed helped, thank you!

>Have you rebooted the web servers?  The LSA caches SIDs, so it is possible
>that it is just going off a cached value.
[quoted text clipped - 10 lines]
>
>Joe K.
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.