WindowsIdentity.Name 不从 Active Directory 返回新名称
如果您能提供有关此问题的任何帮助,我们将不胜感激。
我不会向您提供详细信息,但我们必须将所有 Active Directory 用户从 [名字] [姓氏] 重命名为 [名字首字母][姓氏] 去掉用户名中的空格。
我们有一个生产 Web 应用程序,一旦用户使用 Windows 身份验证登录,它就会使用以下代码行从 Windows 获取用户名:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
在我们通过 Active Directory 用户和计算机更新用户帐户后,需要很长时间才能看到该行代码返回他们的新用户名。在更新之前他们无法登录。
有谁知道我可以在网络服务器上做什么来让它继续更新?我已尝试以下操作:
1)触发 AD 站点中所有域控制器之间的复制服务 2) 在生产 Web 服务器上从命令行运行 gpupdate /force 3) 在生产 Web 服务器上从命令行运行 iisreset
现在,我必须一次更新一个用户,以便其他人都能够工作。
任何答案、想法、尝试的事情或 .Name 属性实际获取其值的 .Net 解释都将受到赞赏。
Any help on this would be TRULY appreciated.
I'll spare you the details, but we have to rename all of our Active Directory users from [First name] [Last Name] to [First Initial][Last Name] to get the space out of the usernames.
We have a production web application that uses the following line of code to get the Username from Windows once the user logs in with Windows Authentication:
System.Security.Principal.WindowsIdentity.GetCurrent().Name
After we update a user's account through Active Directory Users and Computers, it takes quite a while before that line of code returns their new username. They cannot login until that is updated.
Does anybody know what I can do on the webs server to get it to go ahead and update? I have tried the following:
1) Trigger replication between all domain controllers in AD Sites & Services
2) Run gpupdate /force from a command line on the production web servers
3) Run iisreset from a command line on the prouduction web servers
Right now I am having to update users one at a time so that everyone else as able to work.
Any answers, ideas, things to try, or a .Net explanation of where that .Name property actually gets its value would be appreciated.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
根据我的理解,您所描述的事情可能是由于“缓存凭据”造成的。此功能允许用户连接未插入网络(或看不到 DC)的计算机。
您可以使用以下 GPO 设置来配置此功能:
计算机 -> 配置 -> Windows 设置 -> 安全设置 -> 本地策略 -> 安全选项。
在右窗格中“交互式登录:以前登录到缓存的次数”
默认值为 10,输入 0。
此解决方案的缺点是笔记本电脑上的用户可能无法重新连接......如果他们不“看到” “一个DC。
但这也许是一种解释。
太平绅士
In my understanding, the thing you describe may be due to "cached credentials". This feature allow a user to connect on a computer which is not plugged to the network (or can't see a DC).
You can configure this feature with the following GPO setting:
Computer->configuration->windows settings->security settings->local policies->security options.
In the right pane "Interactive logon: Number of previous logons to cache"
The defaul value is 10, put 0.
The drawback of this solution is that people on laptop may not be able to reconect ... if they don't "see" a DC.
But it may be an explanation.
JP