"Usenet User" <no.spam@no.way> wrote in message
news:ggnlt39d9pmgdabcjlau7rh4r7v761h2au@4ax.com...
> Here is the issue: some user accounts were renamed in our Windows
> 2003-based Active Directory. These users successfully log in with
> their new user IDs into the domain. However, when they try to access
> our IIS 6.0-based ASP.NET applications that use Integrated Windows
> Authentication, the IIS still recognizes them under their old user IDs
> (???)
>
> We tried to restart the IIS, but it did not help. We also asked users
> to try from different workstations--same story. The client machines
> have Win XP Pro.
>
> What is the reason for that and how can it be fixed?
>
> TIA!

<joseph.e.kaplan@removethis.accenture.com> wrote:

>Have you rebooted the web servers? The LSA caches SIDs, so it is possible
>that it is just going off a cached value.
>
>It is also possible that the domain controller your web servers are talking
>to have not picked up the replication of the name change yet, so the remote
>call to do the name translation is still returning the old name.
>
>This should eventually fix itself one way or the other unless you didn't
>change the name the way you think you did. For example, you could have
>changed the UPN in AD and then logged in with the new UPN but if you didn't
>change the sAMAccountName as well, ASP.NET would continue to show the old
>sAMAccountName in the username.
>
>Joe K.
>
>--
>Joe Kaplan-MS MVP Directory Services Programming
>Co-author of "The .NET Developer's Guide to Directory Services Programming"