I do not know if it is relevant but changing AD password using LDAP is not any more posible when the user password has expired, because it tries to bind with the expired username and fails. You must use kerberos instead.
I do not know if it is relevant but changing AD password using LDAP is not any more posible when the user password has expired, because it tries to bind with the expired username and fails. You must use kerberos instead.