Directory service problem

  • Question

  • User-189550214 posted

    hi,

    I am using the System.DirectoryServices library to perform operations on Active Directory such as creating a user in an Organizational Unit and creating an Organizational Unit. In my database there is a table containing the Security Identifier (SID) for each user that exists in Active Directory, and I am using this SID to perform data synchronization between the table and Active Directory. But I have this problem: when I connect to the Active Directory server from another server, delete a user, and after that try to create the same user in Active Directory, I get the old SID for the new user that I already deleted. For example:

    - When I create the user that has the account name (james) and get its data, the SID is: S-1-5-21-3155200135-2363911474-781782287-1272
    - When I delete this user and create the same user with the same name (james), I get the old SID: S-1-5-21-3155200135-2363911474-781782287-1272

    But the strange thing is that when I go to the Active Directory server and preview the user data, I find that the SID for the user is another SID (different from S-1-5-21-3155200135-2363911474-781782287-1272). And when I test the same scenario on the Active Directory server itself (without connecting to it from another PC), everything goes right and I get a new SID.

    Note: all the operations were performed on Active Directory 2012 and 2008 and I get the same results.

    Please, any help?

    Sunday, July 13, 2014 2:27 PM

Answers

  • User1508394307 posted

    1) Search results are cached by default. Try to set DirectorySearcher.CacheResults to false:

    using System.DirectoryServices;

    DirectorySearcher s = new DirectorySearcher(SearchRoot);
    s.CacheResults = false; // re-read from the directory instead of reusing cached results
    s.Filter = "(&(objectClass=user)(objectCategory=person)(givenName=john))";

    http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.cacheresults(v=vs.110).aspx

    2) The domain controller which you use to get data from the application might be different from the one you use for testing ("when I go to the Active Directory server") and might not have been replicated with the new data yet. You can easily check it if you run adsiedit (or whatever you use) directly from the server where the application is running and see if you have the same SID or not.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 14, 2014 7:19 AM
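    The two points above, combined in one check, as an added example that is not code from this thread: it binds to one explicitly named domain controller (so the application and a manual ADSI Edit check read from the same server), searches with CacheResults off, converts objectSid to its string form and compares it with the SID held in the sync table. A mismatch means the stored row points at a deleted principal and must be re-linked rather than trusted. The host dc01.example.com, the base DN DC=example,DC=com and the stored SID string are assumed values.

    ```csharp
    using System;
    using System.DirectoryServices;
    using System.Security.Principal;

    // Constructed example, not code from the thread. Assumptions: the domain is
    // example.com, dc01.example.com is a DC the app server can reach, and the
    // sync table stores SIDs as strings ("S-1-5-21-...").
    static class SidCheck
    {
        // Read a user's SID from one named DC, bypassing the searcher's result cache.
        // Naming the DC in the LDAP path removes replication lag as an explanation
        // for a mismatch between the application and a manual check on that DC.
        public static string GetSidFromDc(string dcHost, string baseDn, string samAccountName)
        {
            using (var root = new DirectoryEntry("LDAP://" + dcHost + "/" + baseDn))
            using (var searcher = new DirectorySearcher(root))
            {
                searcher.CacheResults = false;
                searcher.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
                                  + EscapeLdap(samAccountName) + "))";
                searcher.PropertiesToLoad.Add("objectSid");
                SearchResult result = searcher.FindOne();
                if (result == null) return null;
                var raw = (byte[])result.Properties["objectSid"][0];
                return new SecurityIdentifier(raw, 0).Value;
            }
        }

        // Compare the SID stored in the sync table with what the directory reports now.
        // A deleted and recreated account gets a new SID, so a stale row must be
        // re-linked to the new object instead of being treated as the same principal.
        public static bool StoredSidIsCurrent(string storedSid, string dcHost, string baseDn, string samAccountName)
        {
            string current = GetSidFromDc(dcHost, baseDn, samAccountName);
            return current != null && string.Equals(current, storedSid, StringComparison.OrdinalIgnoreCase);
        }

        // Escape user-supplied text before placing it in an LDAP filter (RFC 4515).
        static string EscapeLdap(string value)
        {
            return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                        .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
        }

        static void Main()
        {
            string stored = "S-1-5-21-3155200135-2363911474-781782287-1272"; // SID quoted in the question
            bool ok = StoredSidIsCurrent(stored, "dc01.example.com", "DC=example,DC=com", "james");
            Console.WriteLine(ok ? "stored SID is current" : "stored SID is stale: re-link the row");
        }
    }
    ```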

All replies

  • User753101303 posted

    Hi,

    Could it be that you just see the old account until this server is in sync with the latest changes? A Windows admin group could be better, as the issue is rather related to how AD works than really to ASP.NET IMO.

    Sunday, July 13, 2014 6:21 PM