WindowsIdentity.Name不从Active Directory返回新名称 [英] WindowsIdentity.Name doesn't return new name from Active Directory
问题描述
任何帮助将是真正的AP preciated。
我就不告诉你细节,但我们必须从命名我们所有的活动目录用户[名] [姓氏]至[首字母] [姓氏]来获得空间了用户名。
I'll spare you the details, but we have to rename all of our Active Directory users from [First name] [Last Name] to [First Initial][Last Name] to get the space out of the usernames.
我们有一个使用的code以下行来获取用户名从Windows,一旦用户登录使用Windows身份验证的生产Web应用程序:
We have a production web application that uses the following line of code to get the Username from Windows once the user logs in with Windows Authentication:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
在我们通过Active Directory用户和计算机更新用户的帐户,它需要在此之前线code相当长一段时间返回他们的新用户名。他们无法登录,直到被更新。
After we update a user's account through Active Directory Users and Computers, it takes quite a while before that line of code returns their new username. They cannot login until that is updated.
有谁知道我能在网服务器上做的就是它继续和更新?我已经试过如下:
Does anybody know what I can do on the webs server to get it to go ahead and update? I have tried the following:
1)在AD站点和功放的所有域控制器之间触发复制;服务 2)运行gpupdate /从生产Web服务器上的命令行的力量 3)从prouduction Web服务器上的命令行
1) Trigger replication between all domain controllers in AD Sites & Services 2) Run gpupdate /force from a command line on the production web servers 3) Run iisreset from a command line on the prouduction web servers
现在,我不必更新用户一次一个让每个人都为能正常工作。
Right now I am having to update users one at a time so that everyone else as able to work.
任何答案,想法,可以尝试,或如该.Name点属性实际上得到它的价值净的解释是AP preciated。
Any answers, ideas, things to try, or a .Net explanation of where that .Name property actually gets its value would be appreciated.
推荐答案
在我的理解,你描述的可能是事因缓存凭据。该功能允许用户连接的未插入到网络的计算机上(或无法看到的DC)。
In my understanding, the thing you describe may be due to "cached credentials". This feature allow a user to connect on a computer which is not plugged to the network (or can't see a DC).
您可以配置此功能具有以下GPO设置:
You can configure this feature with the following GPO setting:
电脑 - >配置 - >窗口设置 - >安全设置 - >本地策略 - >安全选项。 在右窗格中交互式登录:的previous登录人数缓存
Computer->configuration->windows settings->security settings->local policies->security options. In the right pane "Interactive logon: Number of previous logons to cache"
该defaul值是10,把0。
The defaul value is 10, put 0.
该解决方案的缺点是,人们对笔记本电脑可能无法reconect ......如果他们不看的DC。
The drawback of this solution is that people on laptop may not be able to reconect ... if they don't "see" a DC.
但它可以是一个解释
JP
这篇关于WindowsIdentity.Name不从Active Directory返回新名称的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
