It is possible to use both a new and an old password to log in to Identity Maestro. This is caused by a setting on the domain controller that allows the old password to be used for authentication after a password reset occurs.
Note: This only affects the Identity Maestro client. Users must use the new password to authenticate to workstations or other resources that have been updated during the password reset.
This problem occurs when the domain controller is configured to allow use of the old password after a password reset occurs. This is likely set so that if a password change occurs but hasn't fully propagated, administrators will still be able to log into the server.
This issue can be resolved by modifying the network NTLM settings on the domain controller where the passwords are being reset. This is done by directly modifying the Machine Registry Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
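
To find out which domain controllers accept the old password over NTLM and for how long, the subkey above can be read on each one. The script below is an added example, not part of the original article or the vendor's code. It assumes the value Microsoft documents for this behavior, OldPasswordAllowedPeriod (REG_DWORD, in minutes), which the article does not name, and it assumes the ActiveDirectory module and PowerShell remoting to the domain controllers are available.

```powershell
# Added example: read-only audit of the NTLM old-password window on every DC.
# Assumption: the value under the Lsa subkey is OldPasswordAllowedPeriod
# (REG_DWORD, minutes), per Microsoft's documentation; the article names only the subkey.
Import-Module ActiveDirectory

$LsaPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'OldPasswordAllowedPeriod'

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # Read the value on the DC itself; returns $null when the value is absent.
        $minutes = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock {
            param($Path, $Name)
            $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $item.$Name } else { $null }
        } -ArgumentList $LsaPath, $ValueName

        if ($null -eq $minutes) {
            # No explicit value: the operating system's built-in window applies.
            $status = 'Not set (built-in default window applies)'
        } else {
            $status = "Old password accepted for $minutes minute(s)"
        }
    } catch {
        # Unreachable DC or remoting denied: report it rather than skip it,
        # since one unaudited DC is enough for the behavior to persist.
        $minutes = $null
        $status  = "Could not query: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        DomainController = $dc.HostName
        Site             = $dc.Site
        Minutes          = $minutes
        Status           = $status
    }
}

# DCs that differ from each other show up immediately in the sorted table.
$report | Sort-Object DomainController | Format-Table -AutoSize
```

Password resets can be processed by any writable domain controller, so compare the result across all of them rather than checking a single server.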