Check AD password if "user must change password next login"

[Oleg Ogurok]

Hi all,

I'm trying to find a way (using C#.NET or COM) to authenticate a user based
on his credentials in Active Directory. The problem is that when I manually
set "User Must Change Password at Next Logon", or when the password expires,
I can no longer bind to AD using this user. Is there a method that checks
the password in AD regardless of that flag?

What I'm trying to implement is a dialog box prompting a user to change the
password if the password has expired. How can I check the old password for
validity.

Thank you,
-Oleg.

 

[Joe Kaplan \(MVP - ADSI\)]

You can't do this with an LDAP bind. The only way that I know it is
possible is by using SSPI directly, but I'm not sure how this is actually
done.

It is possible to discover if the user has that flag set using a different
set of credentials, but that doesn't help you bind unless you change that
flag.

Joe K.