Active Directory Issue / VB.NET bug

[bucrepus]

I have a vb.net program that sets a user's password in AD. It also checks / authenticates that user/ password with some other code. The problem is I can use either password and both return valid. After about 5 minutes, the old password then starts returning invalid. The user account on the AD only accepts the new password when I try an actual windows login, the old is rejected instantly. Looks like VB.NET / Framework or something is caching something when it shouldn't. These computers ARE NOT joined to the domain itself, I'm simply checking a domain account. I can reproduce it across any computer, and I END the program each time I try the test.

Code snippit that sets password

Dim userEntry As DirectoryEntry = result.GetDirectoryEntry()
If userEntry IsNot Nothing Then
userEntry.Invoke("ChangePassword", New Object() {currentPassword, newPassword})
userEntry.CommitChanges()
userEntry.Close()
userEntry.Dispose()
End If


Code to authenticate password. It will throw and exception at de.RefreshCache if the user/password combo is invalid.

Dim de As New DirectoryServices.DirectoryEntry("LDAP://testdomain.local", username, password,
DirectoryServices.AuthenticationTypes.Secure Or
DirectoryServices.AuthenticationTypes.Sealing Or
DirectoryServices.AuthenticationTypes.Signing)
de.RefreshCache()
de.Close()
de.Dispose()

This works fine but I can use both passwords (old and changed) for about 5 minutes and then the old becomes invalid. I need the old one to fail immediately.

What's going on?

Thanks for your time..

Continue reading...