Renamed AD user accounts and Integrated Windows authentication in IIS 6.0?

[Usenet User]

Here is the issue: some user accounts were renamed in our Windows
2003-based Active Directory. These users successfully log in with
their new user IDs into the domain. However, when they try to access
our IIS 6.0-based ASP.NET applications that use Integrated Windows
Authentication, the IIS still recognizes them under their old user IDs
(???)

We tried to restart the IIS, but it did not help. We also asked users
to try from different workstations--same story. The client machines
have Win XP Pro.

What is the reason for that and how can it be fixed?

TIA!

 

[Joe Kaplan]

Have you rebooted the web servers? The LSA caches SIDs, so it is possible
that it is just going off a cached value.

It is also possible that the domain controller your web servers are talking
to have not picked up the replication of the name change yet, so the remote
call to do the name translation is still returning the old name.

This should eventually fix itself one way or the other unless you didn't
change the name the way you think you did. For example, you could have
changed the UPN in AD and then logged in with the new UPN but if you didn't
change the sAMAccountName as well, ASP.NET would continue to show the old
sAMAccountName in the username.

Joe K.

 

[Usenet User]

Rebooting the web server (not just IIS) indeed helped, thank you!