Hi all,

I'm trying to find a way (using C#.NET or COM) to authenticate a user based
on his credentials in Active Directory. The problem is that when I manually
set "User Must Change Password at Next Logon", or when the password expires,
I can no longer bind to AD using this user. Is there a method that checks
the password in AD regardless of that flag?

What I'm trying to implement is a dialog box prompting a user to change the
password if the password has expired. How can I check the old password for
validity.

Thank you,
-Oleg.

You can't do this with an LDAP bind. The only way that I know it is
possible is by using SSPI directly, but I'm not sure how this is actually
done.

It is possible to discover if the user has that flag set using a different
set of credentials, but that doesn't help you bind unless you change that
flag.

Joe K.

"Oleg Ogurok" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi all,
>
> I'm trying to find a way (using C#.NET or COM) to authenticate a user
based
> on his credentials in Active Directory. The problem is that when I
manually
> set "User Must Change Password at Next Logon", or when the password
expires,
> I can no longer bind to AD using this user. Is there a method that checks
> the password in AD regardless of that flag?
>
> What I'm trying to implement is a dialog box prompting a user to change
the
> password if the password has expired. How can I check the old password for
> validity.
>
> Thank you,
> -Oleg.
>
>