Nice catch, reading up this shows the default is 10080 minutes. That’s pretty long...
> -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Kurt Buff > Sent: Thursday, September 21, 2017 2:56 PM > To: ntsysadm <[email protected]> > Subject: Re: [NTSysADM] Odd problems with account display after name > change > > Found it... > > LSA cache seems to have been the culprit. > > https://support.microsoft.com/en-us/help/946358/the-lsalookupsids- > function-may-return-the-old-user-name-instead-of-the > > I set up the regentry in this article, then restarted the netlogon > service, and we got the results we wanted. > > I expect if I had just bounced the machines, that would have fixed it too... > > Kurt > > On Sat, Sep 16, 2017 at 9:12 AM, Brian Desmond > <[email protected]> wrote: > > I'd more wonder if the app doesn't have a database that it sticks some bits > about the user in the first time they sign-in and never updates it again. > > > > Thanks, > > Brian Desmond > > > > w – 312.625.1438 | c – 312.731.3132 > > > > -----Original Message----- > > From: [email protected] > [mailto:[email protected]] On Behalf Of Kurt Buff > > Sent: Friday, September 15, 2017 7:01 PM > > To: ntsysadm <[email protected]> > > Subject: Re: [NTSysADM] Odd problems with account display after name > change > > > > No, I'm not sure the app isn't caching - this despite the web developer's > assertion that it's a direct query to AD for each login. > > > > I'm going to do an iisreset this weekend, and see if that resolves the > problem. > > > > Kurt > > > > On Fri, Sep 15, 2017 at 4:18 PM, Brian Desmond > <[email protected]> wrote: > >> Seems unlikely. Are you sure the app isn't caching something locally? > >> > >> Thanks, > >> Brian Desmond > >> > >> w – 312.625.1438 | c – 312.731.3132 > >> > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] On Behalf Of Kurt Buff > >> Sent: Friday, September 15, 2017 6:03 PM > >> To: ntsysadm <[email protected]> > >> Subject: [NTSysADM] Odd problems with account display after name > >> change > >> > >> All, > >> > >> I've got a couple of questions, but first what I'm seeing. > >> > >> One of our users went through a name change this week (from jmounts > to jmartin), and now she's seeing her old ID on a couple of internally > developed web sites (we show who's logged in on the landing page for each > of them) that get permissions from AD. > >> > >> I've looked over her account briefly (get-aduser -properties*), and see a > couple of places that still show the old ID: > >> > >> legacyExchangeDN : /o=Exampe/ou=US/cn=Recipients/cn=JMounts > >> msExchADCGlobalNames : > >> > EX5:cn=JMounts,cn=Recipients,ou=US,o=Example:organizationalperson$per > s > >> on$top0000000041538F7E51E1C701} > >> > >> The second one above also has NT5 and FOREST entries. > >> > >> I also see these entries: > >> > >> ProxyAddresses X400:c=US;a= ;p=Example;o=US;s=Mounts;g=Jill; > >> > >> along with her smtp and sip addresses, and > >> > >> textEncodedORAddress : X400:C=US;A= > ;P=Zetron;O=ZETUS;S=Mounts;G=Jill; > >> > >> But since they don't show jmounts, I don't think they play a role here. > >> > >> So, the question: > >> 1) would any of these fields be picked up by the web sites? Doesn't seem > likely to me. > >> > >> 2) Is there any other place I should be looking to track this down? > >> > >> Kurt > >> > >> > > > > >
