The renamed users are unable to reset their passwords in owa?

  • Question

  • Hi,

    Our users are able to log in to OWA and reset their passwords normally.

    But there are a few users whose login names were created wrongly. So I just renamed those users' account names in AD and Exchange with the correct ones.

    These users are able to log in to OWA and access their mail with the new name as usual.

    But when they try to change the password: 1) under domain name\username it is still showing the old account name only. 2) Whatever password you provide, it says it is wrong.

    Could anyone tell me the reasons for such behaviour?

    Regards,

    Ram.


    Ramakrishna

    Thursday, March 1, 2012 6:23 PM

Answers

  • Hi Ram,

    The issue is because of the LSA lookup cache maintained on the CAS servers. Please see http://technet.microsoft.com/en-us/library/ff428139(v=ws.10).aspx for more details about SID lookups and their implementation.

    In a production environment, you may not see this issue often, as the cache expires at its interval. If you cannot wait, you can force the CAS not to store the LSA lookup cache by implementing the registry key below:

    • Locate and then right-click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    • Point to New, and then click DWORD Value.
    • Type LsaLookupCacheMaxSize, and then press ENTER.
    • Right-click LsaLookupCacheMaxSize, and then click Modify.
    • In the Value data box, type 0, and then click OK.

    Please let me know what you think.

    Santhosh

    Monday, March 12, 2012 4:39 AM
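
The registry steps from the answer above, written as a reversible script. This is an added example, not part of Santhosh's answer or of Microsoft's documentation. The key path and value name are the ones given in the answer; the function names are hypothetical, and the script assumes an elevated PowerShell session on the CAS server.

```powershell
# Added example: applies the LsaLookupCacheMaxSize change described in the answer
# and keeps the previous state so the change can be rolled back once the
# renamed accounts resolve correctly.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'LsaLookupCacheMaxSize'

function Get-LsaLookupCacheSetting {
    # Returns the configured DWORD, or $null when the value does not exist
    # (in which case the operating system default applies).
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$ValueName } else { $null }
}

function Disable-LsaLookupCache {
    # Hypothetical helper: sets the value to 0 and reports what was there before.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $previous = Get-LsaLookupCacheSetting
    if ($PSCmdlet.ShouldProcess("$LsaKey\$ValueName", 'Set DWORD to 0')) {
        New-ItemProperty -Path $LsaKey -Name $ValueName `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
    New-Object PSObject -Property @{
        Previous = $previous                    # $null means "value was absent"
        Current  = Get-LsaLookupCacheSetting
    }
}

function Restore-LsaLookupCache {
    # Hypothetical helper: puts back the state recorded by Disable-LsaLookupCache.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param($Previous)
    if (-not $PSCmdlet.ShouldProcess("$LsaKey\$ValueName", 'Restore previous state')) { return }
    if ($null -eq $Previous) {
        # The value did not exist before, so remove it again.
        Remove-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $LsaKey -Name $ValueName -Value $Previous
    }
}

# Usage: preview first, then apply and keep the result for rollback.
# Disable-LsaLookupCache -WhatIf
# $state = Disable-LsaLookupCache
# Restore-LsaLookupCache -Previous $state.Previous
```

Running `Disable-LsaLookupCache -WhatIf` first shows the target key and value without writing to the registry.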

All replies

  • In the EMS, type:


    get-user "Person's user name here" | fl

    Does the incorrect name appear here?

    Otherwise, it might be cached somewhere in the registry (have no idea where) or in ADSIEdit.

    This solution seemed to work for the person here (ADSIEdit recommendation):

    http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27415251.html


    If you can, rebooting the server might purge the cached credentials (assuming they are not present in some field of the user properties).

    Restarting the right service might clear the old name as well - unfortunately I'm not sure which service that would be and instead of proceeding by trial and error, you might as well just reboot the server at an appropriate time.

    Of course, that is not a good long term solution.

    Oh yes, could they simply change their password elsewhere (not in OWA)?


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, March 2, 2012 1:09 AM
  •  

    Hi,

    I tried with get-user command and it showed me the latest name only.

    Still couldn't solve the issue.

    Ram.


    Ramakrishna

    Friday, March 2, 2012 7:27 PM
  • Can you try this:

    1. Open ADSI Edit: start > Administrative Tools > ADSI Edit
    2. Now ADSI Edit will prompt you with connection settings (if not, ensure that ADSI Edit is highlighted and then click on Action > Connect to...). Ensure that "Select a well known Naming Context:" is set to "Default naming context..."
    3. Now click OK
    4. Expand your structure to the OU where the user account is located
    5. Now right click on the CN=Firstname Lastname and click properties
    6. Have a look in the Attribute Editor and see if you can find any Name that reflects the old name
    7. If you do find it, simply double click and change it


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, March 2, 2012 9:07 PM
  •  

    Hello,

    How about resetting the password by using the UPN?

    Thanks,

    Simon

    Monday, March 5, 2012 3:58 AM
    Moderator
  • Hi,

    I have gone through the above procedure. I couldn't find any old name in the attribute editor.

    Thanks for the reply,

    Ram.


    Ramakrishna

    Monday, March 5, 2012 5:05 PM