Is it possible to use the DirectorySearcher to check if a password is in the user's password history? I assume I want to query against the AD's ntpwdhistory property. Of course, those passwords are encrypted. So do I have to encrypt the password before I try to send in the search, or is DirectorySearcher (or rather, the underlying api) smart enough to do this for me? Other ideas on how to accomplish this?