Didn't reboot. Didn't have a chance over the weekend, as I was busy with family.
Didn't do it during the week, as that would have potentially interrupted production (each of the machines runs several web sites). Apparently this also was causing problems for our ancient ERP system (still running on 2003R2), so this fixed that as well. I expect that once past the default 7-day limit, this would have been a non-issue, but now I know something I didn't before. Kurt On Sun, Sep 24, 2017 at 5:42 PM, Michael B. Smith <mich...@smithcons.com> wrote: > Thanks for this information... but I've gotta ask - did you reboot first? > > Or restart NetLogon first? > > As I read this: > https://technet.microsoft.com/en-us/library/ff428139(ws.10).aspx > > It implies that every 10 minutes the cache should be updated for existing > entries! > > -----Original Message----- > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Kurt Buff > Sent: Thursday, September 21, 2017 4:56 PM > To: ntsysadm > Subject: Re: [NTSysADM] Odd problems with account display after name change > > Found it... > > LSA cache seems to have been the culprit. > > https://support.microsoft.com/en-us/help/946358/the-lsalookupsids-function-may-return-the-old-user-name-instead-of-the > > I set up the regentry in this article, then restarted the netlogon service, > and we got the results we wanted. > > I expect if I had just bounced the machines, that would have fixed it too... > > Kurt > > On Sat, Sep 16, 2017 at 9:12 AM, Brian Desmond <br...@briandesmond.com> wrote: >> I'd more wonder if the app doesn't have a database that it sticks some bits >> about the user in the first time they sign-in and never updates it again. >> >> Thanks, >> Brian Desmond >> >> w – 312.625.1438 | c – 312.731.3132 >> >> -----Original Message----- >> From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >> Sent: Friday, September 15, 2017 7:01 PM >> To: ntsysadm <ntsysadm@lists.myitforum.com> >> Subject: Re: [NTSysADM] Odd problems with account display after name >> change >> >> No, I'm not sure the app isn't caching - this despite the web developer's >> assertion that it's a direct query to AD for each login. >> >> I'm going to do an iisreset this weekend, and see if that resolves the >> problem. >> >> Kurt >> >> On Fri, Sep 15, 2017 at 4:18 PM, Brian Desmond <br...@briandesmond.com> >> wrote: >>> Seems unlikely. Are you sure the app isn't caching something locally? >>> >>> Thanks, >>> Brian Desmond >>> >>> w – 312.625.1438 | c – 312.731.3132 >>> >>> -----Original Message----- >>> From: listsad...@lists.myitforum.com >>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff >>> Sent: Friday, September 15, 2017 6:03 PM >>> To: ntsysadm <NTSysADM@lists.myitforum.com> >>> Subject: [NTSysADM] Odd problems with account display after name >>> change >>> >>> All, >>> >>> I've got a couple of questions, but first what I'm seeing. >>> >>> One of our users went through a name change this week (from jmounts to >>> jmartin), and now she's seeing her old ID on a couple of internally >>> developed web sites (we show who's logged in on the landing page for each >>> of them) that get permissions from AD. >>> >>> I've looked over her account briefly (get-aduser -properties*), and see a >>> couple of places that still show the old ID: >>> >>> legacyExchangeDN : /o=Exampe/ou=US/cn=Recipients/cn=JMounts >>> msExchADCGlobalNames : >>> EX5:cn=JMounts,cn=Recipients,ou=US,o=Example:organizationalperson$per >>> s >>> on$top0000000041538F7E51E1C701} >>> >>> The second one above also has NT5 and FOREST entries. >>> >>> I also see these entries: >>> >>> ProxyAddresses X400:c=US;a= ;p=Example;o=US;s=Mounts;g=Jill; >>> >>> along with her smtp and sip addresses, and >>> >>> textEncodedORAddress : X400:C=US;A= ;P=Zetron;O=ZETUS;S=Mounts;G=Jill; >>> >>> But since they don't show jmounts, I don't think they play a role here. >>> >>> So, the question: >>> 1) would any of these fields be picked up by the web sites? Doesn't seem >>> likely to me. >>> >>> 2) Is there any other place I should be looking to track this down? >>> >>> Kurt >>> >>> >> >> > >
