-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What options that you've found out there have you tried so far? The
language used does not matter as long as you're going through LDAP, so
while I cannot tell you anything about .NET-specifics for this question,
you should just need to specify the old password to be removed before
adding a new password; for me this even works as an admin resetting an
old password (vs. actually making the change directly by binding as the
user themselves):

dn: cn=user,ou=context,o=goes,dc=here
changetype: modify
delete: userPassword
userPassword: oldPasswordGoesHere
- -
add: userPassword
userPassword: newPasswordGoesHere

Note that this is all done in one transaction with just the hyphen on
the one line between the two attribute changes. If you split them out
the LDIF is no longer valid and you'll get an error on the second part
if not the first part (because removing the password entirely would be
weird).

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQLT7fAAoJEF+XTK08PnB5tLgP/ip/yTVQKenoeJahqbZTfuzQ
cntRZFfUKKoiNbQV9C3ldNvjFWwqkLsGkEOYI6Dk4kB/pSwv3q99w+bpQeA73HH0
KoJ9cWvO1mHyI9vcPtcT48TOHjwPH6BEaEIvMqBi4I8T8zXIEx kPbdc6r40EQNVg
xsWyIyqbz+HtFyOanO97B3cmno/+MtHyIYoTUw7D6DX3Sc3/PIHWJLbF8uoAT19a
Ye07Ya9Sg0OKRPbqoC3uxyE9ZQrGBDAYxRHZpxt57QXwkOg9Z3 FFySZtGPGVlWFf
w1fjjgg6n1jynrs5bhWYsuEYDVFvZfy4HUftg0TMjrHNBUV9ll S0Qyw1T0AMrQNx
53lEGbrPHyViHytuGVlxvaHB37HZc5m8e0vCg0Ae/4McA0RLF3T3mQR6WqtiWUA0
mFayddn5UGjspMR299RkAGUMw5L4N3wEMiVihpR82j6iBWYbyL b7SUFmAakxIvxz
DEDOyNRQbQNRnNkxV/9ZmXkNkfi0hU285uSXsbThP0w6QrBfHOvP9VY40ahB/c8Z
jA11zKxtucvGdUuMW8W2XP/nkB3YAcjVWnR1uI9QfSzGwPMtwXJyZqVdnxNjDATi
cE1N0wG9/K/iYFpwF0K1by8PHf8wsk/hNyCtF1zCIU92EF3of5R5o86dWbBJ4Pv1
9ERRFw/MYRl5QnVo06jP
=P9Cr
-----END PGP SIGNATURE-----