|Applies To||RSA IMG 6.8.1xx, 6.9xx|
Active Directory on Windows 2003
|Issue||User resets his password sucessfully but can login using the new and old password.|
|Cause||Microsoft Windows Server 2003 Service Pack 1 (SP1) modifies NTLM network authentication behavior. After you install Windows Server 2003 SP1, domain users can use their old password to access the network for one hour after the password is changed.|
Go to the following link http://support2.microsoft.com/?id=906305 and follow steps "How to change the lifetime period of an old password."