Oh, and looking over the referenced article, I agree that it seems that it should refresh after 10 minutes, so I am at a loss to understand what did/didn't happen to the system(s) to update the name looking.
Weird. Kurt On Sun, Sep 24, 2017 at 5:42 PM, Michael B. Smith <[email protected]> wrote: > Thanks for this information... but I've gotta ask - did you reboot first? > > Or restart NetLogon first? > > As I read this: > https://technet.microsoft.com/en-us/library/ff428139(ws.10).aspx > > It implies that every 10 minutes the cache should be updated for existing > entries! > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Kurt Buff > Sent: Thursday, September 21, 2017 4:56 PM > To: ntsysadm > Subject: Re: [NTSysADM] Odd problems with account display after name change > > Found it... > > LSA cache seems to have been the culprit. > > https://support.microsoft.com/en-us/help/946358/the-lsalookupsids-function-may-return-the-old-user-name-instead-of-the > > I set up the regentry in this article, then restarted the netlogon service, > and we got the results we wanted. > > I expect if I had just bounced the machines, that would have fixed it too... > > Kurt > > On Sat, Sep 16, 2017 at 9:12 AM, Brian Desmond <[email protected]> wrote: >> I'd more wonder if the app doesn't have a database that it sticks some bits >> about the user in the first time they sign-in and never updates it again. >> >> Thanks, >> Brian Desmond >> >> w – 312.625.1438 | c – 312.731.3132 >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Kurt Buff >> Sent: Friday, September 15, 2017 7:01 PM >> To: ntsysadm <[email protected]> >> Subject: Re: [NTSysADM] Odd problems with account display after name >> change >> >> No, I'm not sure the app isn't caching - this despite the web developer's >> assertion that it's a direct query to AD for each login. >> >> I'm going to do an iisreset this weekend, and see if that resolves the >> problem. >> >> Kurt >> >> On Fri, Sep 15, 2017 at 4:18 PM, Brian Desmond <[email protected]> >> wrote: >>> Seems unlikely. Are you sure the app isn't caching something locally? >>> >>> Thanks, >>> Brian Desmond >>> >>> w – 312.625.1438 | c – 312.731.3132 >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Kurt Buff >>> Sent: Friday, September 15, 2017 6:03 PM >>> To: ntsysadm <[email protected]> >>> Subject: [NTSysADM] Odd problems with account display after name >>> change >>> >>> All, >>> >>> I've got a couple of questions, but first what I'm seeing. >>> >>> One of our users went through a name change this week (from jmounts to >>> jmartin), and now she's seeing her old ID on a couple of internally >>> developed web sites (we show who's logged in on the landing page for each >>> of them) that get permissions from AD. >>> >>> I've looked over her account briefly (get-aduser -properties*), and see a >>> couple of places that still show the old ID: >>> >>> legacyExchangeDN : /o=Exampe/ou=US/cn=Recipients/cn=JMounts >>> msExchADCGlobalNames : >>> EX5:cn=JMounts,cn=Recipients,ou=US,o=Example:organizationalperson$per >>> s >>> on$top0000000041538F7E51E1C701} >>> >>> The second one above also has NT5 and FOREST entries. >>> >>> I also see these entries: >>> >>> ProxyAddresses X400:c=US;a= ;p=Example;o=US;s=Mounts;g=Jill; >>> >>> along with her smtp and sip addresses, and >>> >>> textEncodedORAddress : X400:C=US;A= ;P=Zetron;O=ZETUS;S=Mounts;G=Jill; >>> >>> But since they don't show jmounts, I don't think they play a role here. >>> >>> So, the question: >>> 1) would any of these fields be picked up by the web sites? Doesn't seem >>> likely to me. >>> >>> 2) Is there any other place I should be looking to track this down? >>> >>> Kurt >>> >>> >> >> > >
