Hello developers!

I am writing a small utility ( web-based ) that allows the user to change his password in Active Directory and a few other goodies.

I use the following code for the .net 3.5 version:

 public static string ChPassword(string domain, string container, string userName, string oldPassword, string newPassword) { PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, domain, container, "admin", "password"); UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, userName); if (user == null) throw(new Exception("User Not Found In This Domain")); user.SetPassword(newPassword); user.Save(principalContext); return user.Name; }

Actually changing the password works, only after this change, both the old and new passwords work. That for me, in general, is strange.

Maybe someone worked with these libraries? Prompt, please, best-practices for the decision of my problem. Thank.

    1 answer 1

    You are not the first who faced this :-)

    This behavior is due to the way that AD and Kerberos work. At best, the old password will stop working after some time. Also, if a user logged on to a workstation, the password is cached there and can be used to log in for some time even after changing the password in the directory.

    Here is a detailed description of why this is happening.

    • Thank. Allowed myself to convert to the answer. - Dex