SecureAuth IdP Version affected: All versions
When using Enforce Password Change Requirement, after users change their password, the InvalidOriginalPassword Error pops up. This causes neither the original nor the new password to work.
Enforce Password Change Requirement sets two passwords in Active Directory -- one randomly generated password, and the new password the user is setting. The purpose of setting the randomly generated password is for the IdP to verify the password complexity requirements. This causes issues if the connection string is not pointed to the primary DC.
Change the connection string to point to the primary DC instead of the FQDN.