Using the ldp.exe utility, I have connected to LDAP using an admin account of the Windows box.
View ==>Tree for CN=testing test,OU=AutomationQA_OU_2,DC=adb,DC=fed,DC=xyz,DC=com
gives:
distinguishedName: CN=testing test,OU=AutomationQA_OU_2,DC=adb,DC=fed,DC=xyz,DC=com;
userPrincipalName: testing@adb.fed.xyz.com;
uSNChanged: 34251;
uSNCreated: 34246;
Then I do a bind
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
{NtAuthIdentity: User='testing'; Pwd=<unavailable>; domain = 'adb'}
Authenticated as: 'ADB\testing'.
Then I checked the USN again. It has increased:
distinguishedName: CN=testing test,OU=AutomationQA_OU_2,DC=adb,DC=fed,DC=xyz,DC=com;
userPrincipalName: testing@adb.fed.xyz.com;
uSNChanged: 34252;
uSNCreated: 34246;
Then I repeated the above steps, i.e. performed the bind again, but this time when I tried getting the uSNChanged number, I saw that it was NOT incremented.
Does binding a user increase the USN only the first time? How is the USN change handled in the case of a bind?
Can someone please explain this?
The USN will change on the account that you use to authenticate.
The USN only changes when the account is modified. When you authenticate, the lastLogon attribute gets updated, and therefore the account has changed, so the USN is updated.
Credentials are often cached automatically, so doing the same thing a second time will use the same access token from the first attempt and will not count as a second login. So the lastLogon will not be updated and the USN will not change.
The USN will not change on the account you are binding to. So if you bind to an account that is not the same as the account you are using to authenticate, you will see that the USN does not change.
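To see which attribute was actually written when uSNChanged moves, diff two ldp.exe dumps of the same object taken before and after the bind. This is an added example, not code from the original post: the function names are hypothetical, the first two snapshots reuse the values quoted in the question, and the third is constructed from the asker's description of the second bind.

```python
import re

# Constructed snapshots in ldp.exe's "attr: value;" layout, using the DN, UPN
# and USN values quoted in the question.
BEFORE = """\
distinguishedName: CN=testing test,OU=AutomationQA_OU_2,DC=adb,DC=fed,DC=xyz,DC=com;
userPrincipalName: testing@adb.fed.xyz.com;
uSNChanged: 34251;
uSNCreated: 34246;
"""
AFTER_BIND_1 = BEFORE.replace("uSNChanged: 34251", "uSNChanged: 34252")
# Constructed: the asker reports no increment after the second bind.
AFTER_BIND_2 = AFTER_BIND_1

# "name: value;" or "name (n): v1; v2;" as printed for multi-valued attributes.
LINE = re.compile(r"^\s*([A-Za-z][\w-]*)(?:\s*\(\d+\))?:\s*(.*?);?\s*$")


def parse_ldp(dump):
    """Return {attribute: raw value string} from an ldp.exe attribute listing."""
    entry = {}
    for raw in dump.splitlines():
        m = LINE.match(raw)
        if m:
            entry[m.group(1)] = m.group(2)
    return entry


def diff_snapshots(old, new):
    """Return (uSNChanged delta, {attr: (old, new)}) for two dumps of one object."""
    a, b = parse_ldp(old), parse_ldp(new)
    if a.get("distinguishedName") != b.get("distinguishedName"):
        raise ValueError("snapshots describe different objects")
    changed = {k: (a.get(k), b.get(k))
               for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}
    return int(b["uSNChanged"]) - int(a["uSNChanged"]), changed


if __name__ == "__main__":
    for label, old, new in (("bind 1", BEFORE, AFTER_BIND_1),
                            ("bind 2", AFTER_BIND_1, AFTER_BIND_2)):
        delta, changed = diff_snapshots(old, new)
        print(f"{label}: uSNChanged delta={delta}")
        for attr, (was, now) in changed.items():
            print(f"  {attr}: {was} -> {now}")
```

Paste the full attribute listings from ldp.exe in place of the constructed snapshots. Any attribute that appears alongside uSNChanged in the diff is the one whose write advanced the USN.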