Old LDAP passwords not immediately invalidated for users when new password is createdDescriptionAfter the client changes the password for a Lightweight Directory Access Protocol (LDAP) user, the user is able to log on with BOTH the old and new passwords.ResolutionThis is normal behavior for a replicant LDAP Catalog. By default, Active Directory (AD) allows a short 'grace period'. This takes place on the client's remote server and cannot be configured by ServiceNow. To resolve this, suggest that the client's AD administrator investigate their configuration. ServiceNow does not cache LDAP passwords at all. When an LDAP user signs into ServiceNow, the credentials get sent directly to the remote LDAP server and if the user does not exist or the password is wrong, the authentication will fail. Microsoft Documentation on Cached and Stored Credentials Technical Overviewhttp://technet.microsoft.com/en-us/library/hh994565(v=ws.10).aspxhttp://support.microsoft.com/kb/913485?wa=wsignin1.0