Last post Jul 14, 2014 07:19 AM by smirnov
Jul 13, 2014 02:27 PM|BlackBasha|LINK
I am using the System.DirectoryServices library to perform operations on Active Directory, such as creating a user in an organizational unit or creating an organizational unit. In my database there is a table that contains the security identifier (SID) for the user that exists in Active Directory, and I am using this SID to perform data synchronization between the table and Active Directory. But I have this problem: when I connect to the Active Directory server from another server and delete a user, and after that I try to create the same user in Active Directory, I get the old SID for the new user that I already deleted. For example:
- When I create the user that has the account name (james) and get its data, the SID is: S-1-5-21-3155200135-2363911474-781782287-1272
- When I delete this user and create the same user with the same name (james), I get the old SID: S-1-5-21-3155200135-2363911474-781782287-1272
But the strange thing is that when I go to the Active Directory server and preview the user data, I find that the SID for the user is another SID (different from S-1-5-21-3155200135-2363911474-781782287-1272). And when I test the same scenario on the Active Directory (without connecting to it from another PC), everything goes right and I get a new SID.
Note: all the operations were performed on Active Directory 2012 and 2008, and I get the same results.
Please, any help?
Jul 13, 2014 06:21 PM|PatriceSc|LINK
Could it be that you just see the old account until this server is in sync with the latest changes? A Windows admin group could be better, as the issue is related to how AD works rather than really to ASP.NET, IMO.
Jul 14, 2014 07:19 AM|smirnov|LINK
1) Search results are cached by default. Try setting DirectorySearcher.CacheResults to false:
DirectorySearcher s = new DirectorySearcher(SearchRoot);
s.CacheResults = false;
s.Filter = "(&(objectClass=user)(objectCategory=person)(givenName=john))";
2) The domain controller which you use to get data from the application might be different from the one you use for testing ("when I go to the Active directory server") and might not have been replicated with the new data yet. You can easily check this if you run adsiedit (or whatever you use) directly from the server where the application is running and see whether you get the same SID or not.
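
Added example, not part of the original thread or any poster's code: one way to check both points from the last answer in code is to query every domain controller with caching disabled and compare the objectSid each one returns for the account. It assumes a domain-joined machine and an identity allowed to read the directory; the class name, the `EscapeFilterValue` helper and the default account name "james" (taken from the question) are illustrative.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;

static class SidPerDomainController
{
    // Escape LDAP filter metacharacters (RFC 4515) so the account name cannot
    // change the filter's structure. The backslash must be replaced first.
    static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    static void Main(string[] args)
    {
        string account = args.Length > 0 ? args[0] : "james"; // assumed sample name
        string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                        + EscapeFilterValue(account) + "))";

        using (Domain domain = Domain.GetCurrentDomain())
        {
            foreach (DomainController dc in domain.DomainControllers)
            {
                try
                {
                    // The searcher is bound to this specific DC, not to whichever
                    // DC the locator would pick for a serverless bind.
                    using (DirectorySearcher s = dc.GetDirectorySearcher())
                    {
                        s.CacheResults = false;           // point 1: no cached results
                        s.Filter = filter;
                        s.PropertiesToLoad.Add("objectSid");
                        s.PropertiesToLoad.Add("whenCreated");
                        SearchResult r = s.FindOne();
                        if (r == null) { Console.WriteLine("{0}: not found", dc.Name); continue; }
                        var sid = new SecurityIdentifier((byte[])r.Properties["objectSid"][0], 0);
                        Console.WriteLine("{0}: {1} (created {2})",
                                          dc.Name, sid.Value, r.Properties["whenCreated"][0]);
                    }
                }
                catch (Exception ex) // unreachable DC, access denied, etc.
                {
                    Console.WriteLine("{0}: query failed: {1}", dc.Name, ex.Message);
                }
            }
        }
    }
}
```

If the domain controllers print different SIDs or creation times for the same account name, the application was reading a controller that had not yet replicated the delete and re-create (point 2).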