Yes, a full week seems excessive. Kurt
On Thu, Sep 21, 2017 at 2:12 PM, Joseph L. Casale <jcas...@activenetwerx.com> wrote: > Nice catch, reading up this shows the default is 10080 minutes. That’s pretty > long... > >> -----Original Message----- >> From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >> Sent: Thursday, September 21, 2017 2:56 PM >> To: ntsysadm <ntsysadm@lists.myitforum.com> >> Subject: Re: [NTSysADM] Odd problems with account display after name >> change >> >> Found it... >> >> LSA cache seems to have been the culprit. >> >> https://support.microsoft.com/en-us/help/946358/the-lsalookupsids- >> function-may-return-the-old-user-name-instead-of-the >> >> I set up the regentry in this article, then restarted the netlogon >> service, and we got the results we wanted. >> >> I expect if I had just bounced the machines, that would have fixed it too... >> >> Kurt >> >> On Sat, Sep 16, 2017 at 9:12 AM, Brian Desmond >> <br...@briandesmond.com> wrote: >> > I'd more wonder if the app doesn't have a database that it sticks some bits >> about the user in the first time they sign-in and never updates it again. >> > >> > Thanks, >> > Brian Desmond >> > >> > w – 312.625.1438 | c – 312.731.3132 >> > >> > -----Original Message----- >> > From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >> > Sent: Friday, September 15, 2017 7:01 PM >> > To: ntsysadm <ntsysadm@lists.myitforum.com> >> > Subject: Re: [NTSysADM] Odd problems with account display after name >> change >> > >> > No, I'm not sure the app isn't caching - this despite the web developer's >> assertion that it's a direct query to AD for each login. >> > >> > I'm going to do an iisreset this weekend, and see if that resolves the >> problem. >> > >> > Kurt >> > >> > On Fri, Sep 15, 2017 at 4:18 PM, Brian Desmond >> <br...@briandesmond.com> wrote: >> >> Seems unlikely. Are you sure the app isn't caching something locally? >> >> >> >> Thanks, >> >> Brian Desmond >> >> >> >> w – 312.625.1438 | c – 312.731.3132 >> >> >> >> -----Original Message----- >> >> From: listsad...@lists.myitforum.com >> >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >> >> Sent: Friday, September 15, 2017 6:03 PM >> >> To: ntsysadm <NTSysADM@lists.myitforum.com> >> >> Subject: [NTSysADM] Odd problems with account display after name >> >> change >> >> >> >> All, >> >> >> >> I've got a couple of questions, but first what I'm seeing. >> >> >> >> One of our users went through a name change this week (from jmounts >> to jmartin), and now she's seeing her old ID on a couple of internally >> developed web sites (we show who's logged in on the landing page for each >> of them) that get permissions from AD. >> >> >> >> I've looked over her account briefly (get-aduser -properties*), and see a >> couple of places that still show the old ID: >> >> >> >> legacyExchangeDN : /o=Exampe/ou=US/cn=Recipients/cn=JMounts >> >> msExchADCGlobalNames : >> >> >> EX5:cn=JMounts,cn=Recipients,ou=US,o=Example:organizationalperson$per >> s >> >> on$top0000000041538F7E51E1C701} >> >> >> >> The second one above also has NT5 and FOREST entries. >> >> >> >> I also see these entries: >> >> >> >> ProxyAddresses X400:c=US;a= ;p=Example;o=US;s=Mounts;g=Jill; >> >> >> >> along with her smtp and sip addresses, and >> >> >> >> textEncodedORAddress : X400:C=US;A= >> ;P=Zetron;O=ZETUS;S=Mounts;G=Jill; >> >> >> >> But since they don't show jmounts, I don't think they play a role here. >> >> >> >> So, the question: >> >> 1) would any of these fields be picked up by the web sites? Doesn't seem >> likely to me. >> >> >> >> 2) Is there any other place I should be looking to track this down? >> >> >> >> Kurt >> >> >> >> >> > >> > >> >