Windows AD Login Password Caching - KB Article #1794Related Articles --
Serv-U's Windows Authentication module allows administrators to simplify server management by granting access to Active Directory user accounts and using existing NTFS permissions rather than creating new users from scratch. When users log in their username and password are checked against AD, and if a match is confirmed the user is allowed to log in.
Windows is known to experience internal failures when too many successive login attempts are issued to it. In order for Serv-U to remain compliant with these successive logon limitations, it caches AD login credentials for a period of 5 minutes after the users last log out event. Every two minutes, all cached AD login credentials are reviewed, and if a cached login has not been used in five minutes or more the cached login is destroyed. This prevents Windows from providing Serv-U with invalid information that will grant the user incorrect permissions.
NOTE: This also applies to disabled user accounts, so in cases where an Active Directory user is disabled shortly after their last logon attempt the user will still be able to log on for a period of five to six minutes. If time is of the essence in revoking access, Serv-U should be restarted.