If you are using LDAP authentication via AD then the passwords are not stored in the Openfire server they are stored in AD. There is no sync of the passwords. Are you using SSO or do the users have to enter a username and password to sign in via spark? Could it be that the users have save the password and set spark to auto-login? If you are using LDAP for authentication you need to instruct the users not to save the password in Spark.
Thanks for the reply , we installed the server about 6 months ago rather quickly and i was not aware if sso i will have a look at the sso doc (http://www.igniterealtime.org/community/docs/DOC-1060) and see if this is a reasonable solution . currently the users enter their password into spark which happen to be there windows domain passwords.