Tags: c#, authentication, active-directory, windows-authentication, sspi

After resetting user's password in Active Directory using C#, both old and new passwords are working


Below is the code that is being used to reset the password.
I want to stop this behavior.
Only the new password should work; the user should not be able to log in with the old password.

    // Requires: using System.DirectoryServices;
    // 'dir' is the DirectoryEntry bound to the search base (supplied by the caller).
    using (var dirSearch = new DirectorySearcher(dir))
    {
        dirSearch.Asynchronous = false;
        dirSearch.CacheResults = false;

        // UserName is concatenated into the LDAP filter unescaped; escape the
        // RFC 4515 special characters before using untrusted input here.
        dirSearch.Filter = "(&(objectCategory=User)(objectClass=person)(name=" + UserName.Trim() + "))";

        SearchResult result = dirSearch.FindOne();

        if (result != null)
        {
            using (var entryUpdate = result.GetDirectoryEntry())
            {
                // Administrative reset via IADsUser::SetPassword (no old password required).
                entryUpdate.Invoke("SetPassword", new object[] { NewPassword });
                entryUpdate.CommitChanges();

                //entryUpdate.RefreshCache();
            }
        }
        result = null;
    }

Solution

  • It's only possible to have two different passwords at the same time when Active Directory replication is broken. This is not actually a code issue. The way to fix it is to determine where the AD replication is broken. You can quickly check AD health at a glance by running the command repadmin /showrepl. If you see errors, then run dcdiag /v on any domain controllers showing errors in the output. Another favorite tool of mine for checking AD health is the PowerShell utility ADHealthCheck.
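The two checks the answer describes, scripted end to end as an added example (not code from the original answer): it assumes repadmin.exe and dcdiag.exe are on the machine (RSAT or a domain controller) and that the caller has rights to query every domain controller.

```powershell
# Added example: list failing replication links, then run dcdiag /v only on the
# domain controllers involved in those failures.
# Assumes repadmin.exe and dcdiag.exe are installed and reachable on PATH.

# Step 1: replication status for every DC as CSV, keeping links with failures.
$links   = repadmin /showrepl * /csv | ConvertFrom-Csv
$failing = $links | Where-Object { ($_.'Number of Failures' -as [int]) -gt 0 }

if (-not $failing) {
    Write-Host 'No replication failures reported by repadmin /showrepl.'
    return
}

$failing |
    Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                  'Number of Failures', 'Last Failure Time', 'Last Failure Status' |
    Format-Table -AutoSize

# Step 2: dcdiag /v against each DC that is a source or destination of a failing
# link; each verbose report is saved to a file for review.
$dcs = @($failing.'Destination DSA') + @($failing.'Source DSA') | Sort-Object -Unique
foreach ($dc in $dcs) {
    $report = Join-Path $env:TEMP "dcdiag-$dc.txt"
    dcdiag /v /s:$dc | Out-File -FilePath $report -Encoding utf8
    Write-Host "dcdiag /v for $dc written to $report"
}
```

Run it from an elevated PowerShell session on a domain-joined host; an empty result from step 1 means the lingering old password is not being caused by a replication failure and the search should move elsewhere.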