ValidateCredentials的条件是返回false

我正在使用PrincipalContext的 验证证书 方法来验证进入活动目录的身份，但由于某些原因，尽管密码是正确的，而且没有过期，它还是返回false。我已经检查了用户的状态与 用户主体但尽管用户已被启用且未被锁定，它仍然返回false。我也确定最后设置的密码没有过期。

是否有其他因素使ValidateCredentials返回false？

使用的代码。

bool expired = false;
bool blocked = false;
bool disabled = false;
int failedLogins;

Resultado resul = new Resultado();
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, Config.ActiveDirectory.Server,
                                                                            Directory,
                                                                            Config.ActiveDirectory.User,
                                                                            Config.ActiveDirectory.Pass);
UserPrincipal user = UserPrincipal.FindByIdentity(domainContext, userName);

if (user != null)
{
    disabled = (user.Enabled == null || !user.Enabled.Value);
    blocked = user.IsAccountLockedOut();
    expired = user.LastPasswordSet == null || DateTime.UtcNow.Subtract(user.LastPasswordSet.Value).Days >= Config.ActiveDirectory.MaxPassAge;

    failedLogins = user.BadLogonCount; 


    if (domainContext.ValidateCredentials(userName, password))
        resul.ResultCode = 0;
    else
    {
        user = UserPrincipal.FindByIdentity(domainContext, userName);

        if (disabled)
            resul.ResultCode = 7;
        else if (blocked)
            resul.ResultCode = 3;
        else if (failedLogins != user.BadLogonCount)
            resul.ResultCode = 2;
        else
            resul.ResultCode = 4;
    }
}
else
    resul.ResultCode = 1;
return resul;