The LsaLookupSids function may return the old user name instead of the new user name if the user name has changed on a domain controller| Article ID | : | 946358 | | Last Review | : | December 28, 2007 | | Revision | : | 1.1 |
SYMPTOMSConsider the following scenario: | • | A domain member computer is running Windows Vista, Windows Server 2003, or Windows XP. | | • | On the domain member computer, an application calls the LsaLookupSids function to translate a security identifier (SID) to a user name. | | • | The user name has been changed on a domain controller.
|
In this scenario, the LsaLookupSids function may return the old user name instead of the new user name. This behavior may prevent the application from working correctly.
 Back to the top
CAUSEThe local security authority (LSA) caches the mapping between the SID and the user name in a local cache on the domain member computer. The cached user name is not synchronized with domain controllers. The LSA on the domain member computer first queries the local SID cache. If an existing mapping is already in the local SID cache, the LSA returns the cached user name information instead of querying the domain controllers. This behavior is intended to improve performance. Back to the top WORKAROUNDTo work around this issue, disable the local SID cache on the domain member computer. To do this, follow these steps: | 1. | Open Registry Editor.
To do this in Windows XP or in Windows Server 2003, click Start, click Run, type regedit, and then click OK.
To do this in Windows Vista, Click Start, type regedit in the Start Search box, and then press ENTER. | | 2. | Locate and then right-click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa | | 3. | Point to New, and then click DWORD Value. | | 4. | Type LsaLookupCacheMaxSize, and then press ENTER. | | 5. | Right-click LsaLookupCacheMaxSize, and then click Modify. | | 6. | In the Value data box, type 0, and then click OK. | | 7. | Exit Registry Editor. |
Note The LsaLookupCacheMaxSize registry entry sets the maximum number of cached mappings that can be saved in the local SID cache. The default maximum number is 128. When the LsaLookupCacheMaxSize registry entry is set to 0, the local SID cache is disabled. Back to the top STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. Back to the top MORE INFORMATIONThe LSA maintains a SID cache on domain member computers. This cache stores mappings between SIDs and user names. If the SID information exists in the local cache, the LSA returns the cached user name information instead of checking whether the user name has changed. The local SID cache helps reduce domain controller workload and network traffic. However, inconsistency may occur between the local cache and the domain controllers. Back to the top REFERENCESFor more information about the LsaLookupSids function, visit the following Microsoft Web site: Back to the top
APPLIES TO| • | Microsoft Windows Server 2003, Standard Edition (32-bit x86) | | • | Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) | | • | Microsoft Windows Server 2003, Web Edition | | • | Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) | | • | Microsoft Windows Server 2003, Standard x64 Edition | | • | Microsoft Windows Server 2003, Enterprise x64 Edition | | • | Microsoft Windows Server 2003, Datacenter x64 Edition | | • | Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems | | • | Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems | | • | Microsoft Windows XP Professional | | • | Microsoft Windows XP Professional x64 Edition | | • | Windows Vista Ultimate | | • | Windows Vista Home Premium | | • | Windows Vista Home Basic | | • | Windows Vista Enterprise | | • | Windows Vista Business | | • | Windows Vista Business 64-bit Edition | | • | Windows Vista Ultimate 64-bit Edition | | • | Windows Vista Home Premium 64-bit Edition | | • | Windows Vista Home Basic 64-bit Edition | | • | Windows Vista Enterprise 64-bit Edition |
Back to the top | Other Support Options- Need More Help?
Contact a Support professional by Email, Online or Phone. - Customer Service
For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more. - Newsgroups
Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.
|
|
Help and Support
