When I reset user passwords in Active Directory
on Windows Server 2008
or Windows Server 2012
and check the option User must change password at next logon
it prevents users from being able to login.
However when I do not check this option and reset their password and unlock their account the users can login successfully. This obviously present a bit of a security issue.
I'm not versed enough in AD to know why this is occurring, has anyone seen this before?