I'm using .NET 4.0 and calling DirectoryEntry.NativeObject to validate a user's credentials against AD.
If the "User must change password on next logon" flag is set for the user in AD, the DirectoryEntry.NativeObject call throws a DirectoryServicesCOMException. I can then use information in the DirectoryServicesCOMException to determine whether the failure is because the change password flag is set.
This works on some Windows 2008 AD servers, but on other Windows 2008 AD servers, instead of a DirectoryServicesCOMException being thrown, a COMException is thrown, and I can't determine the cause of the failure as I don't have the same information as supplied by the DirectoryServicesCOMException.
I'm not sure what differences between the servers would cause different exceptions to be thrown.
Does anyone know why on some servers a COMException is thrown rather than a DirectoryServicesCOMException?
Does anyone know how to get additional information about the error if a COMException is thrown? The HRESULT is not enough.
Thanks.
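The bind-and-inspect pattern described in the question, as an added example that is not part of the original post. The class and method names are hypothetical, the sample message in the comment is constructed, and the code assumes the server reports the failure sub-status as a hex value after "data" in `ExtendedErrorMessage`.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;

static class AdBindCheck // hypothetical helper, not from the original post
{
    // Win32 logon sub-status values, written in hex in the extended error text.
    const int PasswordMustChange = 0x773; // ERROR_PASSWORD_MUST_CHANGE (1907)
    const int InvalidCredentials = 0x52e; // ERROR_LOGON_FAILURE (1326)

    // Extracts the hex value after "data" from text shaped like this constructed sample:
    // "8009030C: LdapErr: DSID-..., comment: AcceptSecurityContext error, data 773, v1db1"
    public static int? ParseSubStatus(string extendedErrorMessage)
    {
        if (string.IsNullOrEmpty(extendedErrorMessage)) return null;
        Match m = Regex.Match(extendedErrorMessage, @"\bdata\s+([0-9a-fA-F]+)\b");
        if (!m.Success) return null;
        return Convert.ToInt32(m.Groups[1].Value, 16);
    }

    public static string Validate(string ldapPath, string user, string password)
    {
        try
        {
            using (var entry = new DirectoryEntry(ldapPath, user, password))
            {
                object native = entry.NativeObject; // reading NativeObject forces the bind
                return "OK";
            }
        }
        // DirectoryServicesCOMException derives from COMException,
        // so this handler has to come first or it is never reached.
        catch (DirectoryServicesCOMException ex)
        {
            int? sub = ParseSubStatus(ex.ExtendedErrorMessage);
            if (sub == PasswordMustChange) return "PasswordMustChange";
            if (sub == InvalidCredentials) return "InvalidCredentials";
            return "Failed: " + ex.ExtendedErrorMessage;
        }
        catch (COMException ex)
        {
            // A plain COMException carries no extended error text, only the HRESULT.
            return "Failed: HRESULT 0x" + ex.ErrorCode.ToString("X8");
        }
    }
}
```

Logging which of the two handlers fired, together with the HRESULT, makes it possible to compare the behaviour of the different servers from the application side.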