Firstly, a technical answer:
Configure the minimum password age to be more than 0 if you want
Enforce password history to be effective. Without a minimum password
age, users can cycle through passwords repeatedly until they get to an
old favorite.
http://technet.microsoft.com/en-us/library/cc779758(v=ws.10).aspx (Server 2003)
http://technet.microsoft.com/en-us/library/hh994570(v=ws.10).aspx (Server 2008 / Windows Vista Onwards)
So, that's a good reason for it not to be 0. Additionally, according to those articles:
Default
1 on domain controllers.
0 on stand-alone servers.
So, in other words, the default is the minimum you need to be able to enforce a password history.
Now, personally, I don't think there is a valid security reason to enforce minimum password ages but there could be some practical / human reasons. For example, you may restrict the number of password changes to cut down on the number of "Forgot my password" calls. I could see this being practical for high school students, perhaps.
Finally, it's worth bearing in mind that these limits do not apply to manual password resets from with Active Directory Users & Computers. So a user could always ask the Sysadmin for help if they really need to change their password.
It appears that your default domain policy is enforcing minimum password complexity- you will probably need to edit Group Policy if you want to change this behaviour.
From Microsoft:
"Password must meet complexity requirements
This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. By default, the value for this policy setting in Windows Server 2008 is configured to Disabled, but it is set to Enabled in a Windows Server 2008 domain for both environments described in this guide.
When this policy setting is enabled, users must create strong passwords to meet the following minimum requirements:
Passwords cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters.
Passwords must be at least six characters in length.
Passwords must contain characters from three of the following four categories:
English uppercase characters (A through Z).
English lowercase characters (a through z).
Non-alphabetic characters (for example, !, $, #, %).
Each additional character in a password increases its complexity exponentially.
For instance, a seven-character, all lower-case alphabetic password would have 267 (approximately 8 x 109 or 8 billion) possible combinations.
At 1,000,000 attempts per second (a capability of many password-cracking utilities), it would only take 133 minutes to crack such a password.
A seven-character alphabetic password with case sensitivity has 527 combinations.
A seven-character case-sensitive alphanumeric password without punctuation has 627 combinations.
An eight-character password has 268 (or 2 x 1,011) possible combinations. Although this might seem to be a large number, at 1,000,000 attempts per second it would take only 59 hours to try all possible passwords.
Remember, these times will significantly increase for passwords that use ALT characters and other special keyboard characters such as "!" or "@".
Proper use of the password settings helps to prevent the success of a brute force attack."
Source: http://technet.microsoft.com/en-us/library/cc264456.aspx
Best Answer
The minimum password age only affect the users ability to "change" their own password. It does not affect admins or account operators from being able to "reset" someone else's password. The "must change at next logon" does an override on the minimum password value, because after an admin does a reset, you want the user to choose a new password.
Is your problem particular to that one user? Suspect there is a strange or bad ACL on that user. Check to see that their account has: Self / Change Password / Allow, and that there are no Change Password / Deny ACLs.