I've recently set up a new domain using 2008 R2 SP1 and as such, when I created all the users, I used a default password for all of them.
After a week of testing, I was ready for the users to set their own password, so I updated group policy to reflect my wish to turn complex passwords on etc then from within AD I forced all users to change password at next logon.
I now have a number of users who cannot change their password, no matter what they use (they meet the requirements) the passwords are rejected and cannot be changed.
I have now removed all requirements for passwords from within Group Policy, forced a GP update but still the users cannot set a password.
Setting a PW from within AD works fine - this is just from the workstations.
I'm out of ideas... anyone seen this before?