Validate new AD password according to local security policy?

Question

I would like to allow the current user to change their password (managed via active directory).

I would like to validate and then set their password in Active Directory

Answer 1

Imho, you can better use ChangePassword than SetPassword. That way, you require the user to specify his current (old) password. That may be interesting, because you can never be 100% sure that the user who is browsing your site is actually the user who is logged in.

Here's a link with more information: http://www.primaryobjects.com/CMS/Article66.aspx

You do not have to validate the password in advance. Just send it to AD in a try-catch, and if it's not validated, the reason why will be in the exception message.