How to change password to an arbitrary string and re-apply the password policy using LDAP and C#?

Hi I am trying to reset a user's password to 'reset' then for the user to change it once they log in. Since we have some rules in our password policy to disallow such a simple password, we first remove the policy then set the password then reapply the policy. However when they login and try to change their password, using one of the old passwords still works. We have pwdInHistory value set to 5. Here is the code:

 de.Properties["pwdPolicySubentry"].Value = "";
 de.CommitChanges();
 changePas开发者_JS百科sword(uid, "", "reset");
 de.Properties["pwdPolicySubentry"].Value = POLICY;
 de.CommitChanges();

Your LDAP may support RFC3062, i.e. it can generate a new policy-compliant password for you. Eliminates the entire problem.