I helped an IT Admin change his password.
I went to the User in ADUC (the AD Users and Computers tool) on the DC and did this:
I reset the password with a random password and checked the box: The User must change the password at the next logon.
This did not change the password and the User wasn't prompted to change the password!
Next:
I reset the password with a known password and UNchecked the box: The User must change the password at the next logon.
This did change the password and the User wasn't prompted to change the password - just as expected.
Next:
The user tried to change his own password using ADUC and Access was Denied.
Does any of this ring a bell?
I did find this:
https://support.microsoft.com/en-us/help/832481/user-must-change-password-at-next-logon-check-box-is-unavailable
but it seems a somewhat different case.
The domain User has some limited domain admin privileges and is in a User OU with others of that type.
I've forced replication. We do try to limit immediate actions to the same DC when making the changes and testing them.
I don't see that there is an "affected computer"...
The minimum password age is "0".