A user in my company forgot his password and I had to reset it to a temporary one. I checked the box that says "User Must Change Password at Next Logon".
When he logged on and entered the temporary password and two times his newly chosen password and confirmed, an error message popped up saying: "The password on this account cannot be changed at this time."
Looking at our group policy settings (see below), I assume it has to do with the minimum password age. I have the minimum password age set to 90 days, so a user who is forced to change his password cannot immediately revert the change to his old password. But how do I deal with the process of resetting a users password then, if the user is unable to change it to a permanent one within the minimum password age period?
C:\>net accounts
Force user logoff how long after time expirest?: Never
Minimum password age (days): 90
Maximum password age (days): 365
Minimum password length: 7
Length of password history maintained: 4
Lockout threshold: 5
Lockout duration (minutes): 10
Lockout observation windows (minutes): 5
Computer role: WORKSTATION
The command completed successfully.