I am using PrincipalContext (Namespace: System.DirectoryServices.AccountManagement) for authentication my application against the active directory (I am using the ValidateCredentials function) The authentication works fine, when I am resetting a user password in the active directory and forcing him to change password in the next login I can’t authenticate the user. I tried to change the way that I am doing authentication, I used LdapConnection (Namespace: System.DirectoryServices.Protocols), authentication worked ok, when I reset the user password and force the user to change password in the next login , I can’t authenticate this user , if I am only resetting the password and not forcing the user to change password in the next login , I can authenticate the user, I tested the same scenario with a different active directory and it worked in all scenarios Is it possible that active directory is preventing me from authenticate through code, when user must change password in the next login flag is true ?