Powershell – Delegate permissions to Admins for Password reset and “Change password on next logon” in AD

Tags: active-directory, password-reset, powershell, windows-server-2003

Hello, I created taskpads for remote admins to reset passwords for folks at their site. I created a group for admins and gave delegation on the site OU. The problem is that for doing "force change password on next logon", there are certain permissions on user objects which need to be enabled. So I enabled "ReadPWDLastSet" and "WritePWDLastSet" as well as "Password Reset" on user objects for the admin group. Unfortunately, when they right-click the user, the "User must change password on next logon" option is greyed out, but in User Properties -> Account tab, "User must change password on next logon" is not greyed out and they can select it. Why is it happening, and what attributes do they need to have it enabled when they do "Right Click and Reset Password"?

Sorry if the question is too long, but let me know of any clarifications needed. Thank you.
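The delegation described in the question (Reset Password plus read/write of pwdLastSet on user objects under a site OU), as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory RSAT module is available; the OU and group names are placeholders, and the GUIDs are read from the schema and configuration partitions rather than hard-coded.

```powershell
# Added example (not from the original post). Delegates "Reset Password" and
# read/write of pwdLastSet on descendant user objects of a site OU to a group.
# Assumes the ActiveDirectory module; $ouDN and $groupName are placeholders.
Import-Module ActiveDirectory

$ouDN      = 'OU=SiteA,DC=example,DC=com'   # placeholder site OU
$groupName = 'SiteA-HelpDesk'               # placeholder admin group

$rootDse  = Get-ADRootDSE
$groupSid = (Get-ADGroup $groupName).SID
$schema   = $rootDse.schemaNamingContext
$config   = $rootDse.configurationNamingContext

# Resolve GUIDs from the directory so nothing is hard-coded.
$userClassGuid  = [Guid](Get-ADObject -SearchBase $schema -Properties schemaIDGUID `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))').schemaIDGUID
$pwdLastSetGuid = [Guid](Get-ADObject -SearchBase $schema -Properties schemaIDGUID `
    -LDAPFilter '(&(objectClass=attributeSchema)(lDAPDisplayName=pwdLastSet))').schemaIDGUID
$resetPwdGuid   = [Guid](Get-ADObject -SearchBase "CN=Extended-Rights,$config" -Properties rightsGuid `
    -LDAPFilter '(&(objectClass=controlAccessRight)(displayName=Reset Password))').rightsGuid

$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$rights  = [System.DirectoryServices.ActiveDirectoryRights]

# Scope every ACE to descendant *user* objects only (least privilege on the OU).
$aces = @(
    # Extended right: Reset Password
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $groupSid, $rights::ExtendedRight, $allow, $resetPwdGuid, $inherit, $userClassGuid),
    # Read + write pwdLastSet, needed for "User must change password at next logon"
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $groupSid, ($rights::ReadProperty -bor $rights::WriteProperty), $allow,
        $pwdLastSetGuid, $inherit, $userClassGuid)
)

$acl = Get-Acl -Path "AD:\$ouDN"
foreach ($ace in $aces) { $acl.AddAccessRule($ace) }
Set-Acl -Path "AD:\$ouDN" -AclObject $acl

# Verify what the group was actually granted on the OU.
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { $_.IdentityReference -like "*\$groupName" } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

The verification query at the end is a useful check after any delegation change: the two entries should show ExtendedRight and ReadProperty/WriteProperty with an InheritedObjectType equal to the user class GUID, confirming the rights did not leak to other object types in the OU.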

Best Answer

There is a bug in Server 2003 that causes this to happen. There is an MS KB article that fixes exactly the problem you are describing. If you have already obtained the relevant service pack, then perhaps @EvanAnderson's answer would help you out.

http://support.microsoft.com/kb/832481