I encountered an issue today that I can't seem to find any info on. I'm a domain admin using Windows Server 2016 and I'm having a password reset issue. I was able to click the reset password window on AD, but the box for "user must change password on next logon" was grayed out, which required me to change it instead of fully resetting it (photo included). I found out that the graying out went away once we turned off "password never expires". I checked each account and the issue persisted to each user account I checked; the only account that I checked that didn't have the graying out was my own. Is there a way we can allow a password to never expire and still be able to reset our users' passwords, allowing the change password on next logon?
If you have the "password doesn't expire" option enabled, the user will not be prompted to change, even if you manually set the PwdLastSet attribute to zero. You will need to remove the "password doesn't expire" option, then set "change the password at next logon". Then, once the user has changed their password, set the "password doesn't expire" option again.
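The sequence described in the answer above, scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original posts; the function names and the sample account `jdoe` are hypothetical. The restore step reads `pwdLastSet` so the flag is only put back once the user has actually replaced the temporary password.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Function names are hypothetical, not part of any Microsoft tooling.

function Start-ForcedPasswordChange {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][securestring]$TemporaryPassword
    )
    # 1. Clear "Password never expires". While it is set, the
    #    "must change password at next logon" option has no effect.
    Set-ADUser -Identity $Identity -PasswordNeverExpires $false

    # 2. Administrative reset to a temporary password.
    Set-ADAccountPassword -Identity $Identity -Reset -NewPassword $TemporaryPassword

    # 3. Require a change at next logon (this sets pwdLastSet to 0).
    Set-ADUser -Identity $Identity -ChangePasswordAtLogon $true
}

function Restore-PasswordNeverExpires {
    param([Parameter(Mandatory)][string[]]$Identity)

    foreach ($id in $Identity) {
        $user = Get-ADUser -Identity $id -Properties pwdLastSet

        # pwdLastSet = 0 means the forced change is still pending.
        # Setting the flag now would cancel the prompt and leave the
        # admin-chosen temporary password in place indefinitely.
        if ($user.pwdLastSet -eq 0) {
            Write-Warning "Skipping $id, temporary password not changed yet."
            continue
        }

        Set-ADUser -Identity $id -PasswordNeverExpires $true
        Write-Output "Restored 'Password never expires' for $id"
    }
}

# Usage (constructed sample account name):
#   $temp = Read-Host -AsSecureString 'Temporary password'
#   Start-ForcedPasswordChange -Identity 'jdoe' -TemporaryPassword $temp
#   ...after the user has logged on and chosen a new password:
#   Restore-PasswordNeverExpires -Identity 'jdoe'
```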