AD LDS Context password Intermittently resetting

Question

Using the DirectoryServices.AccountManagement library in C#, I am establishing a PrincipalContext, then using that context to validate users.

It seems that the username with which I am establishing the context is being intermittently corrupted/reset or something else is going on causing the establishing of context to fail.

After manually resetting the password to using ADSIEdit, I am able to establish context as normal.

I am establishing context as shown:

PrincipalContext ldsUserContext = new PrincipalContext( ContextType.ApplicationDirectory, "[servername]:389", "CN=USERS,CN=XXX,O=XXX", ContextOptions.SimpleBind, "CN=[username],CN=PEOPLE,CN=XXX,O=XXX", "[password]");

I then use ValidateCredentials as shown:

context.ValidateCredentials("CN=[login],CN=USERS,CN=XXX,O=XXX", [userpassword], ContextOptions.SimpleBind)

There are currently around 15 users logging in around 5 times each during the day. There can be days or months between each occurrence of the problem.

Any ideas as to what might be going on?

Thanks,

Matt

Answer 1

Have you looked to see if the account is getting intruder locked? I.e. Someone is making random password guess attempts against the account. This locks it, and thus you cannot log in.

What I am not sure of, is if a Password change via ADSI Edit will reset the accountLockout time.