I've created a simple web app for users can change their domain account password. I'm using ASP.NET 6.0 with System.DirectoryServices library. The issue is with the ValidateCredentials method of the PrincipalContext class, that are returning false for some accounts (I've checked them and works perfectly with all other services), it doesn't throw any Exception, just false. The code is simply as next:

public bool AuthenticateUser(string accountName, string password)
{
      var context = new PrincipalContext(ContextType.Domain,
                                         _credentialsProvider.GetLdapServer(),
                                         _credentialsProvider.GetLdapSearchBase(),
                                         _credentialsProvider.GetBindUsername(),
                                         _credentialsProvider.GetBindPassword());

      return context.ValidateCredentials(accountName, password);
} 

I've used also UserPrincipal.FindByIdentity to validate the existence of the account, I've tested the password in another domain services, and everything worked fine but the ValidateCredentials result.

I've tried with different ContextOptions values, also with different ways with the accountName (using NETBIOS format [DOMIAN\account], and using domain format [account@domain.any]), and the result is the same; some users authenticate and some not.