Here is the issue: some user accounts were renamed in our Windows
2003-based Active Directory. These users successfully log in with
their new user IDs into the domain. However, when they try to access
our IIS 6.0-based ASP.NET applications that use Integrated Windows
Authentication, the IIS still recognizes them under their old user IDs
(???)

We tried to restart the IIS, but it did not help. We also asked users
to try from different workstations--same story. The client machines
have Win XP Pro.

What is the reason for that and how can it be fixed?

TIA!

Re: Renamed AD user accounts and Integrated Windows authentication in IIS 6.0? by Joe

Joe
Fri Mar 14 16:06:51 CDT 2008

Have you rebooted the web servers? The LSA caches SIDs, so it is possible
that it is just going off a cached value.

It is also possible that the domain controller your web servers are talking
to has not picked up the replication of the name change yet, so the remote
call to do the name translation is still returning the old name.

This should eventually fix itself one way or the other unless you didn't
change the name the way you think you did. For example, you could have
changed the UPN in AD and then logged in with the new UPN but if you didn't
change the sAMAccountName as well, ASP.NET would continue to show the old
sAMAccountName in the username.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Usenet User" <no.spam@no.way> wrote in message
news:ggnlt39d9pmgdabcjlau7rh4r7v761h2au@4ax.com...
> Here is the issue: some user accounts were renamed in our Windows
> 2003-based Active Directory. These users successfully log in with
> their new user IDs into the domain. However, when they try to access
> our IIS 6.0-based ASP.NET applications that use Integrated Windows
> Authentication, the IIS still recognizes them under their old user IDs
> (???)
>
> We tried to restart the IIS, but it did not help. We also asked users
> to try from different workstations--same story. The client machines
> have Win XP Pro.
>
> What is the reason for that and how can it be fixed?
>
> TIA!
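
A way to check the three possibilities raised in the reply above, as an added PowerShell example that is not part of the original thread. It reads the account's current sAMAccountName and UPN from the directory, then resolves the same SID through the local LSA and compares the two; the function name `Compare-RenamedAccount` and its parameter are hypothetical, and it assumes it is run on the web server under a domain account.

```powershell
# Added diagnostic, not from the thread. Compare-RenamedAccount and
# -SamAccountName are hypothetical names chosen for this example.
function Compare-RenamedAccount {
    param([string]$SamAccountName)

    # Refuse LDAP filter metacharacters instead of building a filter from raw input.
    if ($SamAccountName -match '[()*\\\x00]') {
        throw "Invalid sAMAccountName: $SamAccountName"
    }

    # Ask the directory what the account is called now (searches the current domain).
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'userPrincipalName', 'objectSid'))
    $result = $searcher.FindOne()
    if ($result -eq $null) {
        # Either only the UPN was changed, or this DC has not replicated the rename yet.
        throw "No user with sAMAccountName '$SamAccountName' on the DC that answered."
    }

    # Build the SID from the directory's objectSid bytes.
    $sidBytes = [byte[]]$result.Properties['objectsid'][0]
    $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)

    # Resolve the same SID through the local LSA, the lookup the reply says may be cached.
    $lsaName = $sid.Translate([System.Security.Principal.NTAccount]).Value   # DOMAIN\name
    $lsaSam  = $lsaName.Split('\')[-1]

    $dirSam = [string]$result.Properties['samaccountname'][0]
    $upn = $null
    if ($result.Properties.Contains('userprincipalname')) {
        $upn = [string]$result.Properties['userprincipalname'][0]
    }

    # psbase bypasses PowerShell's ADSI adapter to reach the .NET DirectoryEntry members.
    $dc = $result.GetDirectoryEntry().psbase.Options.GetCurrentServerName()

    New-Object PSObject -Property @{
        Sid                 = $sid.Value
        DirectorySam        = $dirSam
        DirectoryUpn        = $upn
        LsaName             = $lsaName
        AnsweringDc         = $dc
        # False means this server still translates the SID to a different name.
        LsaMatchesDirectory = ($lsaSam -ieq $dirSam)
    }
}
```

Call it with the name the account should have after the rename, for example `Compare-RenamedAccount -SamAccountName 'newname'` (a constructed value). A result with `LsaMatchesDirectory` set to false matches the cached-value case, while a "no user" error points at the replication or UPN-only cases.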



Re: Renamed AD user accounts and Integrated Windows authentication in IIS 6.0? by Usenet

Usenet
Tue Mar 18 11:43:57 CDT 2008

Rebooting the web server (not just IIS) indeed helped, thank you!

On Fri, 14 Mar 2008 16:06:51 -0500, "Joe Kaplan"
<joseph.e.kaplan@removethis.accenture.com> wrote:

>Have you rebooted the web servers? The LSA caches SIDs, so it is possible
>that it is just going off a cached value.
>
>It is also possible that the domain controller your web servers are talking
>to has not picked up the replication of the name change yet, so the remote
>call to do the name translation is still returning the old name.
>
>This should eventually fix itself one way or the other unless you didn't
>change the name the way you think you did. For example, you could have
>changed the UPN in AD and then logged in with the new UPN but if you didn't
>change the sAMAccountName as well, ASP.NET would continue to show the old
>sAMAccountName in the username.
>
>Joe K.
>
>--
>Joe Kaplan-MS MVP Directory Services Programming
>Co-author of "The .NET Developer's Guide to Directory Services Programming"
>http://www.directoryprogramming.net