Renamed AD user accounts and Integrated Windows authentication in IIS 6.0?

Discussion in 'ASP .Net Security' started by Usenet User, Mar 14, 2008.

  1. Usenet User

    Usenet User Guest

    Here is the issue: some user accounts were renamed in our Windows
    2003-based Active Directory. These users successfully log in with
    their new user IDs into the domain. However, when they try to access
    our IIS 6.0-based ASP.NET applications that use Integrated Windows
    Authentication, the IIS still recognizes them under their old user IDs
    (???)

    We tried to restart the IIS, but it did not help. We also asked users
    to try from different workstations--same story. The client machines
    have Win XP Pro.

    What is the reason for that and how can it be fixed?

    TIA!
    Usenet User, Mar 14, 2008
    #1
    1. Advertising

  2. Usenet User

    Joe Kaplan Guest

    Have you rebooted the web servers? The LSA caches SIDs, so it is possible
    that it is just going off a cached value.

    It is also possible that the domain controller your web servers are talking
    to have not picked up the replication of the name change yet, so the remote
    call to do the name translation is still returning the old name.

    This should eventually fix itself one way or the other unless you didn't
    change the name the way you think you did. For example, you could have
    changed the UPN in AD and then logged in with the new UPN but if you didn't
    change the sAMAccountName as well, ASP.NET would continue to show the old
    sAMAccountName in the username.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Usenet User" <> wrote in message
    news:...
    > Here is the issue: some user accounts were renamed in our Windows
    > 2003-based Active Directory. These users successfully log in with
    > their new user IDs into the domain. However, when they try to access
    > our IIS 6.0-based ASP.NET applications that use Integrated Windows
    > Authentication, the IIS still recognizes them under their old user IDs
    > (???)
    >
    > We tried to restart the IIS, but it did not help. We also asked users
    > to try from different workstations--same story. The client machines
    > have Win XP Pro.
    >
    > What is the reason for that and how can it be fixed?
    >
    > TIA!
    Joe Kaplan, Mar 14, 2008
    #2
    1. Advertising

  3. Usenet User

    Usenet User Guest

    Rebooting the web server (not just IIS) indeed helped, thank you!

    On Fri, 14 Mar 2008 16:06:51 -0500, "Joe Kaplan"
    <> wrote:

    >Have you rebooted the web servers? The LSA caches SIDs, so it is possible
    >that it is just going off a cached value.
    >
    >It is also possible that the domain controller your web servers are talking
    >to have not picked up the replication of the name change yet, so the remote
    >call to do the name translation is still returning the old name.
    >
    >This should eventually fix itself one way or the other unless you didn't
    >change the name the way you think you did. For example, you could have
    >changed the UPN in AD and then logged in with the new UPN but if you didn't
    >change the sAMAccountName as well, ASP.NET would continue to show the old
    >sAMAccountName in the username.
    >
    >Joe K.
    >
    >--
    >Joe Kaplan-MS MVP Directory Services Programming
    >Co-author of "The .NET Developer's Guide to Directory Services Programming"
    >http://www.directoryprogramming.net
    Usenet User, Mar 18, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    0
    Views:
    676
  2. Will
    Replies:
    5
    Views:
    2,613
  3. sqlman
    Replies:
    1
    Views:
    2,901
    David Wang
    Jul 28, 2009
  4. DownUnder
    Replies:
    4
    Views:
    499
    DownUnder
    Aug 19, 2004
  5. sqlman

    IIS 7.0 and Windows Integrated Authentication?

    sqlman, Jul 23, 2009, in forum: ASP .Net Security
    Replies:
    1
    Views:
    2,163
    David Wang
    Jul 28, 2009
Loading...

Share This Page