phoenix, he's not asking about syncing passwords; he is authenticating to AD "live" via LDAP. His problem is that a bind to AD returns success for an old password.
Believe it or not, this is actually the intended behavior of Active Directory. See "Windows Server 2003 Service Pack 1 modifies NTLM network authentication behavior" (Microsoft) and "NTLM Authentication: Old Password Usable After Password Changed" (CA Security Advisor Research Blog). Quote from the Microsoft article:

    Microsoft Windows Server 2003 Service Pack 1 (SP1) modifies NTLM network authentication behavior. After you install Windows Server 2003 SP1, domain users can use their old password to access the network for one hour after the password is changed.
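As an added example that is not part of the original post: a PowerShell check, run on a domain controller, that reports whether this old-password grace window is still in effect. The registry value it reads (OldPasswordAllowedPeriod under HKLM\SYSTEM\CurrentControlSet\Control\Lsa) is documented in the Microsoft article linked above rather than quoted on this page, so treat its exact semantics as coming from that article.

```powershell
# Added example, not from the original post or from Microsoft.
# Reports the NTLM old-password grace window on the DC this runs on.
# Value name/path are documented in the Microsoft KB article linked above.
function Get-OldPasswordGracePeriod {
    $lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $valueName = 'OldPasswordAllowedPeriod'   # REG_DWORD, in minutes

    $item = Get-ItemProperty -Path $lsaKey -Name $valueName -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        # Value absent: the SP1+ default of 60 minutes applies.
        $minutes = 60
        $source  = 'default (value not set)'
    } else {
        $minutes = [int]$item.$valueName
        $source  = 'explicitly configured'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        GraceMinutes   = $minutes
        Source         = $source
        WindowDisabled = ($minutes -eq 0)
    }
}

$result = Get-OldPasswordGracePeriod
if ($result.WindowDisabled) {
    Write-Output "Old-password grace window is disabled on $($result.Computer) ($($result.Source))."
} else {
    Write-Output ("Old passwords stay valid for NTLM network logons for {0} minute(s) on {1} ({2})." -f
        $result.GraceMinutes, $result.Computer, $result.Source)
    Write-Output "To close the window, set OldPasswordAllowedPeriod to 0 on every domain controller."
}
```

Run it on each DC (or wrap the function in Invoke-Command against your DC list), since the setting is per domain controller; an application doing live LDAP binds cannot tell an old password from the new one during the window, so the fix belongs on the DCs, not in the application.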