AD Permission: 'User must change password at next login option' not available

Posted on 2007-10-11
Last Modified: 2008-05-31
2003 AD:

One of the child domains in our forrest has a universal group that has the ability to create users and change passwords, but they do not have the ability to check the 'User must change password at next login option' when resetting a password; it's grayed out for them.  What permission would this group need in order to select this option?

Question by:roberts0909
    LVL 12

    Accepted Solution

    LVL 26

    Expert Comment

    Have a look at following:;en-us;296999

    Hope this helps!
    LVL 26

    Expert Comment

    Ohoh! sorry Network_Data_Support.
    LVL 12

    Expert Comment

    lol no worries great minds and all that

    Author Comment

    Heh, pretty close together.  I sent the KB to the admin for that domain, we'll see if it fixes his issue.


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    I came across this issue when setting up a two way forest level trust. so here's the scenario: A company wildcards acquired another company, bizworks ( both Fictitious). Wild cards: windows 2003 Domain & forest functional levels - Ad domain na…
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now