Thanks for this information... but I've gotta ask - did you reboot first? Or restart NetLogon first?
As I read this: https://technet.microsoft.com/en-us/library/ff428139(ws.10).aspx It implies that every 10 minutes the cache should be updated for existing entries! -----Original Message----- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff Sent: Thursday, September 21, 2017 4:56 PM To: ntsysadm Subject: Re: [NTSysADM] Odd problems with account display after name change Found it... LSA cache seems to have been the culprit. https://support.microsoft.com/en-us/help/946358/the-lsalookupsids-function-may-return-the-old-user-name-instead-of-the I set up the regentry in this article, then restarted the netlogon service, and we got the results we wanted. I expect if I had just bounced the machines, that would have fixed it too... Kurt On Sat, Sep 16, 2017 at 9:12 AM, Brian Desmond <br...@briandesmond.com> wrote: > I'd more wonder if the app doesn't have a database that it sticks some bits > about the user in the first time they sign-in and never updates it again. > > Thanks, > Brian Desmond > > w – 312.625.1438 | c – 312.731.3132 > > -----Original Message----- > From: listsad...@lists.myitforum.com > [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff > Sent: Friday, September 15, 2017 7:01 PM > To: ntsysadm <ntsysadm@lists.myitforum.com> > Subject: Re: [NTSysADM] Odd problems with account display after name > change > > No, I'm not sure the app isn't caching - this despite the web developer's > assertion that it's a direct query to AD for each login. > > I'm going to do an iisreset this weekend, and see if that resolves the > problem. > > Kurt > > On Fri, Sep 15, 2017 at 4:18 PM, Brian Desmond <br...@briandesmond.com> wrote: >> Seems unlikely. Are you sure the app isn't caching something locally? >> >> Thanks, >> Brian Desmond >> >> w – 312.625.1438 | c – 312.731.3132 >> >> -----Original Message----- >> From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >> Sent: Friday, September 15, 2017 6:03 PM >> To: ntsysadm <NTSysADM@lists.myitforum.com> >> Subject: [NTSysADM] Odd problems with account display after name >> change >> >> All, >> >> I've got a couple of questions, but first what I'm seeing. >> >> One of our users went through a name change this week (from jmounts to >> jmartin), and now she's seeing her old ID on a couple of internally >> developed web sites (we show who's logged in on the landing page for each of >> them) that get permissions from AD. >> >> I've looked over her account briefly (get-aduser -properties*), and see a >> couple of places that still show the old ID: >> >> legacyExchangeDN : /o=Exampe/ou=US/cn=Recipients/cn=JMounts >> msExchADCGlobalNames : >> EX5:cn=JMounts,cn=Recipients,ou=US,o=Example:organizationalperson$per >> s >> on$top0000000041538F7E51E1C701} >> >> The second one above also has NT5 and FOREST entries. >> >> I also see these entries: >> >> ProxyAddresses X400:c=US;a= ;p=Example;o=US;s=Mounts;g=Jill; >> >> along with her smtp and sip addresses, and >> >> textEncodedORAddress : X400:C=US;A= ;P=Zetron;O=ZETUS;S=Mounts;G=Jill; >> >> But since they don't show jmounts, I don't think they play a role here. >> >> So, the question: >> 1) would any of these fields be picked up by the web sites? Doesn't seem >> likely to me. >> >> 2) Is there any other place I should be looking to track this down? >> >> Kurt >> >> > >
