The queries your dev provided all return accounts in down level format. However, a name change need not propagate necessarily to things like proxyAddresses (and mail/mailNickname). I am pretty sure they are overlooking something else such as another call in some other page using some other technique (mail, mailNickname) or as Brian suggested, maybe they cached it. That’s not the most robust, error proof way to extract the shortid from a down level formatted account in my opinion, but that’s another issue.
Find the page that produces the erroneous result, that would make it simpler to track for the dev... > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Kurt Buff > Sent: Tuesday, September 19, 2017 5:55 PM > To: ntsysadm <[email protected]> > Subject: Re: [NTSysADM] Odd problems with account display after name > change > > Sorry for the late reply - the user wasn't in yesterday, so i couldn't > confirm the effectiveness of the iisreset - but it wasn't... > > According to the dev, the web sites use two different methods to > gather the ID from the user: > > string PageUserName = Page.User.Identity.Name.Replace("EXAMPLE\\", > ""); > and > string HttpContextCurrentUser = > HttpContext.Current.User.Identity.Name.Replace("EXAMPLE\\", ""); > > How it validates that against AD I don't know. > > I'm going to install Fiddler on the user's machine tmorrow, and see if > that can tell me anything. > > And, I'm beginning to wonder if there's something that's cached in her > local profile that's gone worng [sic]. > > Kurt > > > On Fri, Sep 15, 2017 at 5:08 PM, Michael B. Smith <[email protected]> > wrote: > > Then what's the query? > > > > -----Original Message----- > > From: [email protected] > [mailto:[email protected]] On Behalf Of Kurt Buff > > Sent: Friday, September 15, 2017 8:01 PM > > To: ntsysadm > > Subject: Re: [NTSysADM] Odd problems with account display after name > change > > > > No, I'm not sure the app isn't caching - this despite the web developer's > assertion that it's a direct query to AD for each login. > > > > I'm going to do an iisreset this weekend, and see if that resolves the > problem. > > > > Kurt > > > > On Fri, Sep 15, 2017 at 4:18 PM, Brian Desmond > <[email protected]> wrote: > >> Seems unlikely. Are you sure the app isn't caching something locally? > >> > >> Thanks, > >> Brian Desmond > >> > >> w – 312.625.1438 | c – 312.731.3132 > >> > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] On Behalf Of Kurt Buff > >> Sent: Friday, September 15, 2017 6:03 PM > >> To: ntsysadm <[email protected]> > >> Subject: [NTSysADM] Odd problems with account display after name > >> change > >> > >> All, > >> > >> I've got a couple of questions, but first what I'm seeing. > >> > >> One of our users went through a name change this week (from jmounts > to jmartin), and now she's seeing her old ID on a couple of internally > developed web sites (we show who's logged in on the landing page for each > of them) that get permissions from AD. > >> > >> I've looked over her account briefly (get-aduser -properties*), and see a > couple of places that still show the old ID: > >> > >> legacyExchangeDN : /o=Exampe/ou=US/cn=Recipients/cn=JMounts > >> msExchADCGlobalNames : > >> > EX5:cn=JMounts,cn=Recipients,ou=US,o=Example:organizationalperson$per > s > >> on$top0000000041538F7E51E1C701} > >> > >> The second one above also has NT5 and FOREST entries. > >> > >> I also see these entries: > >> > >> ProxyAddresses X400:c=US;a= ;p=Example;o=US;s=Mounts;g=Jill; > >> > >> along with her smtp and sip addresses, and > >> > >> textEncodedORAddress : X400:C=US;A= > ;P=Zetron;O=ZETUS;S=Mounts;G=Jill; > >> > >> But since they don't show jmounts, I don't think they play a role here. > >> > >> So, the question: > >> 1) would any of these fields be picked up by the web sites? Doesn't seem > likely to me. > >> > >> 2) Is there any other place I should be looking to track this down? > >> > >> Kurt > >> > >> > > > > >
