I have noticed that when users login to the IVE, the Lastlogon attributte in AD is not updated, only when a user enters an incorrect password the first time and then subsiquently enters a correct one does it update the attributte, this suggest that the IVE is caching these credentials, however we have the 'Persistant Password Caching' feature disabled, also, I'm thinkng even if this was the case, the IVE should still interogate the domain controller in case the password was changed from another system....... what else controls whether the IVE caches credentials on not?...............any one dealt with this before?..preciate any insites.
I have AD 2000 by the way.
Have you selected "NTLM" under authentication protocols (AD auth server definition page on IVE)? If yes changing to Kerberos will resolve this issue. Below is an article from MS that explains 'why'
Note: For each user session IVE will always validate the credentails against the backend authentication server
Hope it helps!
Thanks for the response,
I believe the issue you're referencing is only particular to Win2003 AD, I have AD 2000,
I do have keberos and NTLM enabled for backwards compatability,
What I find interesting is that the attribute is updated only when you input an incorrect password.