Password Change Delay
In some configurations (Enforce Password History needs to be set to a value of two or more remembered passwords) AD may have a configurable password change delay. This might be noticed so that the user may be able to authenticate for a certain time period with both the old and the new password. This is not normally a security problem since the only valid passwords are the old and new user defined password. If the old password has been compromised then a password reset should be made by the administrator and also the "user must change password at next logon" flag should be set. Then the change will be immediate.
...