I need to figure out what the best practice for users changing their
passwords is.

Had a user change their edir password yesterday on a windows 7 computer
running client 2 sp2 (ir3), changed it via ctrl-alt-del.

Today they were unable to login unless they used their old password,
the one they changed *from* yesterday.

We seem to have this happen from time to time with a few users, what

We are all OES, some 11, some 2sp3, running edir 8.8 sp6, do have a
DSFW domain, and this user is on a VM that is in our domain. We *have*
had this happen with regular computers/users *not* in our DSFW domain
as well.