ValidateCredentials returns true for unknown user?

Question

I\'m seeing some odd behaviour here using PrincipalContext.ValidateCredentials. The set-up is two Active Directory domains in parent/child setup (so we have pri

Answer 1

Some amount of googling later (not that I've been in and out of google all day trying to find this anyway), I've found the answer.

Put simply, if the Guest account is enabled in the domain, ValidateCredentials will return TRUE for an unknown user. I've just checked the status of the guest user in development.company.com, and sure enough the account is enabled. If I have the guest account disabled, ValidateCredentials correctly returns false.

This is a fairly fundamental gotcha, not sure I'm keen on this behaviour... pity it's not explicitly mentioned on MSDN.