Re: LogonUser API

If you are positive you don't have latency, I am not sure why you are seeing that then, it shouldn't be a matter of caching but you can certainly do a network trace and verify the auth traffic is being sent.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


dirserviceguy@xxxxxxxxxxx wrote: 
That's what I thought at 1st too.....but it'll occur in a 2 DC test system,
after I've verifed replication has occured....also it does not not affect
the XP GINA, just the API.


"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:u0XJHLMBGHA.3840@xxxxxxxxxxxxxxxxxxxxxxx
Replication latency. Whatever DC being hit by the machine calling the API
call 
has the old password, the new password also works because the DC will use
PDC-Chaining to ask the PDC if the password is valid. Unless someone has
made
some changes to configuration, the PDC will always have the most up to
date 
password.

    joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


dirserviceguy@xxxxxxxxxxx wrote:
I'm seeing a thing with Server 2003 native mode AD.....it seems that If
I'm
using the LogonUser API to check authentication on a user, and I change
the
password on the user.....the old password returns a "success", via the
API, 
for about a hour after I change it? I've tested this on a couple of
different AD forests, with the same results. Is this by design? why?




.

Relevant Pages