
How to validate domain credentials without considering the Cached Domain Credential


This question already has an answer: Why does Active Directory validate last password?

The solution is to use Kerberos authentication.

The following code shows how you can perform credential validation using only Kerberos. The authentication method in use will not fall back to NTLM in the event of failure.

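```csharp
using System.DirectoryServices.Protocols;
using System.Net;

// LDAP result code 49 (invalidCredentials), as reported in LdapException.ErrorCode.
private const int ERROR_LOGON_FAILURE = 0x31;

private bool ValidateCredentials(string username, string password, string domain)
{
    NetworkCredential credentials
        = new NetworkCredential(username, password, domain);

    LdapDirectoryIdentifier id = new LdapDirectoryIdentifier(domain);

    // AuthType.Kerberos pins the bind to Kerberos; there is no NTLM fallback.
    using (LdapConnection connection = new LdapConnection(id, credentials, AuthType.Kerberos))
    {
        // Encrypt and integrity-protect the LDAP session.
        connection.SessionOptions.Sealing = true;
        connection.SessionOptions.Signing = true;

        try
        {
            connection.Bind();
        }
        catch (LdapException lEx)
        {
            // Only a credential rejection means "invalid"; anything else is rethrown.
            if (ERROR_LOGON_FAILURE == lEx.ErrorCode)
            {
                return false;
            }
            throw;
        }
    }
    return true;
}
```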
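The same Kerberos-only bind with a typed result, so that an unreachable directory is not reported as a bad password. This is an added example, not part of the original answer. The `BindOutcome` enum, the `KerberosCredentialCheck` class and the `Check` method are hypothetical names; `0x51` and `0x55` are the standard LDAP API codes for server-down and timeout.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;

// Hypothetical result type: only Valid may ever grant access.
public enum BindOutcome { Valid, InvalidCredentials, DirectoryUnavailable, OtherFailure }

public static class KerberosCredentialCheck
{
    // LDAP codes as surfaced in LdapException.ErrorCode.
    private const int LdapInvalidCredentials = 0x31; // the answer's ERROR_LOGON_FAILURE
    private const int LdapServerDown = 0x51;         // no domain controller reachable
    private const int LdapTimeout = 0x55;            // operation timed out

    // Hypothetical helper: binds with Kerberos only and classifies the failure.
    // ldapCode receives the raw code for logging; the password is never logged.
    public static BindOutcome Check(string username, string password, string domain,
                                    out int ldapCode)
    {
        ldapCode = 0;
        var credentials = new NetworkCredential(username, password, domain);
        var id = new LdapDirectoryIdentifier(domain);

        using (var connection = new LdapConnection(id, credentials, AuthType.Kerberos))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.Sealing = true;
            connection.SessionOptions.Signing = true;
            try
            {
                connection.Bind();
                return BindOutcome.Valid;
            }
            catch (LdapException ex)
            {
                ldapCode = ex.ErrorCode;
                switch (ex.ErrorCode)
                {
                    case LdapInvalidCredentials:
                        return BindOutcome.InvalidCredentials;
                    case LdapServerDown:
                    case LdapTimeout:
                        return BindOutcome.DirectoryUnavailable;
                    default:
                        return BindOutcome.OtherFailure; // fail closed on unknown codes
                }
            }
        }
    }
}
```

Every outcome other than `Valid` is a denial; `DirectoryUnavailable` and `OtherFailure` tell the caller to retry or alert instead of counting a failed password attempt.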


You might try something like this:

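```csharp
using System;
using System.DirectoryServices;

// Wrapper method added so the fragment compiles; its name is illustrative.
private bool ValidateCredentials(string ldapPath, string userName, string password)
{
    try
    {
        using (var directoryEntry = new DirectoryEntry(ldapPath, userName, password))
        {
            // Reading NativeObject forces the bind to the directory.
            var invocation = directoryEntry.NativeObject;
            return true;
        }
    }
    catch (Exception)
    {
        // Any exception, not only rejected credentials, is reported as false.
        return false;
    }
}
```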