Author: Microsoft (Guest)
Posted: Wed Jan 12, 2005 9:13 pm
Post subject: Disable an ADAM account, but it is still can logon

I am working on an ADAM application. Currently we are finding some strange things
when we try to disable an ADAM account: after we disable an ADAM account,
we find it is still active. We must restart our program before this account
is disabled and can't log on using this account. We tried to refresh the
cache, but it is useless.
The other issue: we can't change an ADAM account's password when logged on using
an ADAM account. The error message is: "directory property not found in
cache". But we can change an ADAM account's password using a Domain Account.
Thank you very much!
John Y

Author: Lee Flight (Guest)
Posted: Thu Jan 13, 2005 3:57 am
Post subject: Re: Disable an ADAM account, but it is still can logon

Hi
inline below...
"Microsoft" <yujun168@hotmail.com> wrote in message
news:ObhWMlL%23EHA.3368@TK2MSFTNGP10.phx.gbl...

Quote:
I am working in ADAM application, currently we find some strange things
when we try to disable an ADAM account, after we disable an ADAM account,
and we find it is still activity. We must restart our program, this account
will been disable, and can't logon using this account. We try to refresh
cache, it is useless.

If I understand that, you are saying that if an ADAM user has successfully
authenticated to the ADAM instance then their access continues even if you
disable (set msDS-UserAccountDisabled TRUE) during that session. If
they disconnect then subsequent attempts to reconnect fail?
I think that is expected behavior as the access token for the user will
be generated when the user binds and their account status is only checked
at that point. So if the user binds OK on a given session their access
persists for that session.

Quote:
The other issue, we can't change an ADAM account's password when logon
using an ADAM account. The error message is: "directory property not found
in cache". But we can change an ADAM account's password using Domain
Account.

How are you attempting the password operation? Please say which tool or post
your code.
Thanks
Lee Flight

Author: Dmitri Gavrilov [MSFT] (Guest)
Posted: Thu Jan 13, 2005 1:34 pm
Post subject: Re: Disable an ADAM account, but it is still can logon

One observation: ADSI caches connections based on creds. An authenticated
connection will be authenticated forever, until it is disconnected. If you
release all of your ADSI objects, then it also closes the connection, and
will reopen it the next time it needs to do an ldap query.
--
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
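
A toy model of the behavior described in this thread, added here as an illustration; it is not code from any poster and it does not call ADAM or ADSI. All class and function names are hypothetical, and the only behavior assumed is what the replies state: account status is checked at bind, and a client caches authenticated connections per credentials until they are released.

```python
import hmac

class ToyDirectory:
    """Constructed stand-in for an ADAM instance: account state is checked at bind only."""
    def __init__(self):
        self.users = {}  # dn -> {"password": str, "disabled": bool}

    def bind(self, dn, password):
        user = self.users.get(dn)
        if (user is None or user["disabled"]
                or not hmac.compare_digest(user["password"], password)):
            raise PermissionError("bind failed")
        return {"dn": dn}  # session state created once, at bind time

    def search(self, session):
        return "entries visible to " + session["dn"]  # no account re-check here

class CachingClient:
    """Reuses one authenticated connection per (dn, password) pair."""
    def __init__(self, directory):
        self.directory = directory
        self._connections = {}

    def connect(self, dn, password):
        key = (dn, password)
        if key not in self._connections:
            self._connections[key] = self.directory.bind(dn, password)
        return self._connections[key]

    def release(self, dn):
        """Drop cached connections for dn so the next connect() must bind again."""
        for key in [k for k in self._connections if k[0] == dn]:
            del self._connections[key]

def can_log_on(client, dn, password):
    try:
        client.connect(dn, password)
        return True
    except PermissionError:
        return False

def run_scenario():
    directory = ToyDirectory()
    dn = "CN=jdoe,OU=Users,O=Example"  # constructed sample account
    directory.users[dn] = {"password": "s3cret", "disabled": False}
    client = CachingClient(directory)
    before = can_log_on(client, dn, "s3cret")
    directory.users[dn]["disabled"] = True    # admin disables the account
    stale = can_log_on(client, dn, "s3cret")  # cached connection: still "logs on"
    client.release(dn)                        # application drops its cached connection
    after = can_log_on(client, dn, "s3cret")  # fresh bind sees the disabled flag
    return before, stale, after
```

In this model, a login check that goes through a cached connection keeps succeeding after the account is disabled; only releasing the connection, so that the next check performs a fresh bind, makes the disable take effect.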