When you change the Maximum Password Age policy in Group Policy in Windows Server 2003 or in Windows 2000, the User must change password at next logon setting for all user accounts remains unchanged. Additionally, users whose passwords have expired are prompted to change their respective passwords when they log on to the domain. This is true even if the
User must change password at next logon check box is not selected.
To programmatically enable the User must change password at next logon setting, visit the following Microsoft Web site, and then use the sample code in the "Script Code" section:
Article ID: 927054 - Last Review: Jan 4, 2008 - Revision: 1