Just why... does Active Directory validate the last password?

Hi there,

I am working on a simple solution to update a user's password in Active Directory.

I can successfully update the users password. Updating the password works fine. Lets say the user has updated the password from MyPass1 to MyPass2

Now when I run my custom code to validate users credential using:

using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain"))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials("myuser", "MyPass2");
}

//returns true - which is good

Now when I enter some wrong password it validates very nicely:

using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain"))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials("myuser", "wrongPass");
}

//returns false - which is good

Now for odd reasons, it validates the previous last password which was MyPass1 remember?

using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "TheDomain"))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials("myuser", "MyPass1");
}

//returns true - but why? we have updated password to Mypass2

I got this code from

http://stackoverflow.com/questions/290548/c-sharp-validate-a-username-and-password-against-active-directory

Guys, any thoughts on this...... Is it something to do with last password expiry or is this how the validation supposed to work

Kindly reply... Any inputs would be greatly appreciated :)

Cheers!

Re: Just why... does Active Directory validate the last password?

I dont use directoryservices myself but I have seen that when it is used it appears to work with a cached copy of the user's information and any changes takes time to update in the application.

Re: Just why... does Active Directory validate the last password?

Hi there...

Thanks for your. How can we clear the cached copy?

Please reply.

Re: Just why... does Active Directory validate the last password?

I am not sure if there is a way without restarting the web in IIS or waiting for it to replicate from AD. Had a guy where I work trying to use directoryservices for an application and had the same issue. If you want to test that try using the code here, http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C and see if you can authenticate the user using the code there.