In our Active Directory setup, some users will be accessing domain resources (shared folders on the network, specifically) from non-domain computers. Only users from the domain have permission to access these shared folders, so Windows prompts the non-domain users for credentials when they try to access said folders. A user can then enter their domain username and password, and afterwards they can access their files without a problem.
This all works fine, except when a user is required to change their password. For example: when a new user is set up, I would like to provide them with a random password which they would be required to change before authenticating. If they were using Remote Desktop, the RDP client would prompt them automatically for a new password before logging them in, but when accessing a file share through Windows Explorer, Windows only gives them a message insisting that they must change their password before using their account before promptly denying them access without any way to do so.
So the question is: how can I provide a user the ability to change their own password?
Note: There are no Remote Desktop servers in the environment which they could connect to (only the domain controller).