Are you in a web application when you see this? IIS caches the user token, so that it does not have to revalidate the credentials each time against the DC. Thus, after a password change, you can log on with both the new and old password for about 15 minutes. There is a registry setting that you can change to shorten this time, but it affects performance.
The following article gives the details: http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B152526 HTH, Matt Matt Milner BORN - Leading Business Through Technology [EMAIL PROTECTED] -----Original Message----- From: Robert Rolls [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 1:01 AM To: [EMAIL PROTECTED] Apart from lowering your replication time but then again I wouldn't do this myself personally. -----Original Message----- From: Shawn Wildermuth [mailto:[EMAIL PROTECTED] Sent: Tuesday, 10 June 2003 11:45 AM To: [EMAIL PROTECTED] Subject: Re: [ADVANCED-DOTNET] Changing Password in Active Directory using Directory Services namespace I think you're noticing a coincidence. AD (like most LDAP implementations) is a lazy writer. LDAP implementations are usually tuned for high perf reading, writing gets slowed down in deference to reading. There is usually a lag between writing and being able to read the same value out. I know of no way currently to flush these writes to the data store. Thanks, Shawn Wildermuth [EMAIL PROTECTED] http://adoguy.com Author of Pragmatic ADO.NET Editor of http://ONDotnet.com > > -----Original Message----- > From: Moderated discussion of advanced .NET topics. > [mailto:[EMAIL PROTECTED] On Behalf Of Ollie Riches > Sent: Monday, June 09, 2003 5:47 AM > To: [EMAIL PROTECTED] > > I am invoking the 'ChangePassword' method on the DirectoryEntry object > for a user, this successfully changes the passsword for the user and I > can login with the new password, BUT the old password is also valid so > I can login with either the new or old password until the win32 > process has been shutdown. It appears the changes are not getting > flushed into the AD correctly.... > > Has anyone else seen this? > > Has anyone got a solution? > > I have tried turning off property caching using the 'UsePropertyCache' > property and then reloading the properties using the 'RefreshCache' > method but this did not help. > > The code used to reset the password is shown below:- > > private void > ChangePassword(System.DirectoryServices.DirectoryEntry entry, string > oldPassword, string newPassword) { object[] pwd = new object[] > {oldPassword, newPassword}; entry.Invoke("ChangePassword", pwd); > //Commit the changes back into directory service > entry.CommitChanges(); entry.RefreshCache(); } > > Cheers in Advance > > Ollie > > >
