The "User must change password at next logon" check box is not automatically selected after you modify the "Maximum password age" policy in a Windows Server 2003 or Windows 2000 environment

In a Microsoft Windows Server 2003 or Microsoft Windows 2000 environment, you modify the Maximum password age policy in either the local security policy or the domain security policy. However, the User must change password at next logon check box in the Properties dialog box for all user accounts is not automatically selected as expected.

When you change the Maximum password age policy in Microsoft Windows NT 4.0, the User must change password at next logon check box in the Properties dialog box for all user accounts is automatically selected. This behavior was changed in Windows Server 2003 and in Windows 2000.

When you change the Maximum Password Age policy in Group Policy in Windows Server 2003 or in Windows 2000, the User must change password at next logon setting for all user accounts remains unchanged. Additionally, users whose passwords have expired are prompted to change their respective passwords when they log on to the domain. This is true even if the User must change password at next logon check box is not selected.

To programmatically enable the User must change password at next logon setting, visit the following Microsoft Web site, and then use the sample code in the "Script Code" section: