Active Directory Cache

Thread starter: Mario Rodriguez

Mario Rodriguez

Hi People, does anyone have some idea how to solve this situation:

1- I create an Active Directory programmatically
2- I remove this user from the Active Directory
3- I create the same user again

but it throws an exception of "object already exists". My theory is that the
object is kept in a kind of cache for a while.

Any idea if my theory is correct?
Any idea how to disable this cache or how to configure the TTL of the
objects in this cache?


thanks
 
> 1- I create an Active Directory programmatically
> 2- I remove this user from the Active Directory
> 3- I create the same user again
>
> but it throws an exception of "object already exists". My theory is that the
> object is kept in a kind of cache for a while.
>
> Any idea if my theory is correct?
> Any idea how to disable this cache or how to configure the TTL of the
> objects in this cache?

Yes, the Active Directory does have a certain level of "latency" for
changes - some changes will not be available right away, especially in
a multi-DC environment. In such a setup with multiple DCs, it can
take up to 15 minutes to propagate changes out to all DCs so that
they're available everywhere.

You cannot change or disable this caching behaviour, as far as I know.
Question is: why on earth would you ever want to do something like
this anyway?

Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
> 2- I remove this user from the Active Directory

How? Show us the code - are you calling .CommitChanges() after you
remove the user object?

Marc
================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
This is the remove user code:

public bool removeUser(string userName) {
    try {
        // Serverless bind to the Users container; the credentials used here
        // are the ones every later Find()/Remove() call runs under.
        objRootActiveDirectory = new
            DirectoryEntry("LDAP://CN=Users,DC=avantica,DC=avanticatec,DC=net");
        DirectoryEntry objUser =
            objRootActiveDirectory.Children.Find("CN=" + userName, "User");
        if (objUser != null) {
            // Impersonation starts only after the bind and the Find() above.
            if (impersonateUser(this.LoginUsername, this.DomainName,
                                this.strClave)) { // impersonating with an administrator user
                objRootActiveDirectory.Children.Remove(objUser);
                objRootActiveDirectory.CommitChanges();
                undoImpersonate();
                return true;
            } else {
                return false;
            }
        } else {
            return true;
        }
    }
    catch (Exception e) {
        // Any failure (including the access denied error below) is swallowed.
        return false;
    }
}

The exception is:

General access denied error
 
Why are you impersonating after executing the Find()? This makes no sense, as
the credentials are set during the initial bind.
The result of this is the "access denied" error, so your object is not
removed.

Willy.
 
Yeah, you're totally right. BTW, after deleting a user it still appears in
the Active Directory Manager. As you told me, this is due to the caching
behaviour of Active Directory, but this situation never occurs when you
delete a user directly from the Active Directory Manager.

Any idea how to get this same functionality when I delete a user
programmatically?
 
When you delete a user programmatically, the object will be deleted from the
AD; depending on the infrastructure, number of DCs, number of objects
stored, performance characteristics of the DCs, etc., this can take some
time, but in general for simple AD domains it's a matter of seconds.
If you delete an object from the GUI, the GUI reflects the change because it
performs an auto refresh; when deleting an object using another program you
have to refresh the list yourself, this is not done automatically.

Willy.
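The two points made in this thread (bind with the right credentials up front instead of impersonating after Find(), and do not expect the directory to reflect a delete instantly) can be put together in one routine. The following is an added example in C# with System.DirectoryServices; it is not code from this thread or from either poster. The container DN, the service account passed as bindUser/bindPassword, and the one-second polling interval are assumptions; the account should be a dedicated one that has only been delegated the right to create and delete user objects in that container, not a domain administrator.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Threading;

public static class AdUserLifecycle
{
    // Assumed container; replace with your own DN.
    const string UsersPath = "LDAP://CN=Users,DC=example,DC=com";

    // Credentials are fixed at bind time: everything reached through this
    // entry (Find, Remove, Add, searches) runs as bindUser.
    static DirectoryEntry BindContainer(string bindUser, string bindPassword)
    {
        return new DirectoryEntry(UsersPath, bindUser, bindPassword,
                                  AuthenticationTypes.Secure);
    }

    // Deletes the user, or reports success if it is already gone.
    public static bool RemoveUser(string userName, string bindUser, string bindPassword)
    {
        using (DirectoryEntry container = BindContainer(bindUser, bindPassword))
        {
            DirectoryEntry target;
            try
            {
                target = container.Children.Find("CN=" + userName, "user");
            }
            catch (COMException)
            {
                return true; // "no such object": nothing left to delete
            }
            using (target)
            {
                container.Children.Remove(target);
                container.CommitChanges();
            }
            return true;
        }
    }

    // Fresh bind and search, so a cached DirectoryEntry cannot hide the delete.
    public static bool UserExists(string userName, string bindUser, string bindPassword)
    {
        string filter = "(&(objectClass=user)(cn=" + EscapeFilter(userName) + "))";
        using (DirectoryEntry container = BindContainer(bindUser, bindPassword))
        using (DirectorySearcher searcher = new DirectorySearcher(container, filter, new[] { "cn" }))
        {
            searcher.SearchScope = SearchScope.OneLevel;
            return searcher.FindOne() != null;
        }
    }

    // Waits until the delete is visible (replication/latency), then re-creates
    // the account; this is what avoids "object already exists".
    public static bool RecreateUser(string userName, string bindUser, string bindPassword,
                                    TimeSpan timeout)
    {
        DateTime deadline = DateTime.UtcNow + timeout;
        while (UserExists(userName, bindUser, bindPassword))
        {
            if (DateTime.UtcNow > deadline)
                throw new TimeoutException("'" + userName + "' still visible after " + timeout);
            Thread.Sleep(1000); // assumed polling interval
        }
        using (DirectoryEntry container = BindContainer(bindUser, bindPassword))
        using (DirectoryEntry created = container.Children.Add("CN=" + userName, "user"))
        {
            created.Properties["sAMAccountName"].Value = userName;
            created.CommitChanges();
            return true;
        }
    }

    // RFC 4515 escaping so a user-supplied name cannot change the search filter.
    static string EscapeFilter(string s)
    {
        return s.Replace("\\", "\\5c").Replace("*", "\\2a")
                .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }
}
```

Usage is RemoveUser followed by RecreateUser with a timeout of a few minutes. Because the path is serverless, each bind may land on a different DC; binding both the delete and the re-create to the same DC (an LDAP://dc01.example.com/... style path) removes most of the wait, and the polling loop covers the rest. RefreshCache() on an existing DirectoryEntry only reloads that object's attributes and will not tell you the object is gone, which is why UserExists performs a new search instead.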
 