Active Directory Unable to reset user passwords

Option A – Reset the password directly in ADUC

Instead of setting “User must change password at next logon,” reset the password manually:

Open Active Directory Users and Computers (ADUC).

Right-click the user → Reset Password.

Check “User must change password at next logon.”

Then, ensure the user logs on from a domain-joined machine connected to the network, not through RDP or cached credentials.

Option B – Allow password change through Ctrl+Alt+Del

If users need to change passwords remotely, enable the option to change password at logon:

At the logon screen, the user selects Other user → “Sign-in options” → “Change a password” (or press Ctrl+Alt+Del → Change a password).

This requires network connectivity to the DC.

If this fails, check firewall/port access to DCs (TCP/UDP 464, 389, 445).