Purging AD Principal from cache

active-directory, cache, user-management

A user in Active Directory has had a change of his SAM account name, but a web application running on IIS still recognizes him under his old SAM account name. I presume this is because the AD principals are cached.

The IIS server variables in the request indicate the mismatch:

  • LOGON_USER: Old user name
  • AUTH_USER: New user name

How can the principal be purged from the cache on the server so that it picks up the new SAM account name (preferably without rebooting the server or waiting for the 720-minute cache expiry duration)?

Best Answer

See http://support.microsoft.com/kb/946358 for a possible solution (set LsaLookupCacheMaxSize to 0).

Also see http://technet.microsoft.com/en-us/library/ff428139(WS.10).aspx (How SIDs and Account Names Can Be Mapped in Windows).
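An added example (not part of the answer above) that applies the LsaLookupCacheMaxSize change from an elevated PowerShell prompt on the IIS server and checks whether the user's SID now resolves to the new SAM account name. The registry path is the one the linked KB article documents; the SID and account name are placeholders you supply.

```powershell
# Flush the LSA SID/name lookup cache by setting LsaLookupCacheMaxSize to 0
# (a size of 0 disables the cache, so stale mappings are discarded), verify the
# SID -> name mapping, then restore the previous setting. Run elevated.
param(
    [Parameter(Mandatory)][string]$UserSid,          # placeholder, e.g. 'S-1-5-21-...-1234'
    [Parameter(Mandatory)][string]$ExpectedAccount   # placeholder, e.g. 'DOMAIN\newname'
)

$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'   # path from KB946358
$valName = 'LsaLookupCacheMaxSize'

function Resolve-SidToAccount([string]$Sid) {
    # SID -> account translation goes through LSA's LookupAccountSid, so a
    # stale cache entry shows up here as the old SAM account name.
    $sidObj = New-Object System.Security.Principal.SecurityIdentifier $Sid
    return $sidObj.Translate([System.Security.Principal.NTAccount]).Value
}

$before = Resolve-SidToAccount $UserSid
Write-Host "Before flush: $UserSid -> $before"

# Remember the current value; an absent value means the default cache size is in use.
$current  = Get-ItemProperty -Path $lsaKey -Name $valName -ErrorAction SilentlyContinue
$original = if ($current) { $current.$valName } else { $null }

# Disable the cache (0 entries); this discards the cached SID/name mappings.
Set-ItemProperty -Path $lsaKey -Name $valName -Value 0 -Type DWord

$after = Resolve-SidToAccount $UserSid
Write-Host "After flush:  $UserSid -> $after"

# Re-enable the cache with the previous configuration.
if ($null -eq $original) {
    Remove-ItemProperty -Path $lsaKey -Name $valName
} else {
    Set-ItemProperty -Path $lsaKey -Name $valName -Value $original -Type DWord
}

if ($after -eq $ExpectedAccount) {
    Write-Host 'Lookup cache flushed: SID now maps to the new SAM account name.'
} else {
    Write-Warning "SID still maps to '$after'; the LSA cache is not the only cause."
}
```

If the warning fires, the stale name is coming from somewhere other than the machine's LSA lookup cache (for example the application's own principal caching), which this script does not touch.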
