When you try to change or reset the password of a user account, you might find the checkbox “User must change password at next logon” is greyed out, so you can’t choose this option.

In this tutorial we’ll show you how to enable the “User must change password at next logon” option that is greyed out for Windows local or domain user account.

For Windows Local Accounts:

Open the Computer Management. Expand System Tools, then Local Users and Groups, then Users. Right-click on your local account and select Properties from the context menu.

This will open the Properties dialog box. Uncheck the “Password never expires” box and you’ll then find the “User must change password at next logon” option is enabled. Click Apply and then OK.

For Active Directory User Accounts:

In Windows Server with Active Directory installed, open the Active Directory Users and Computers MMC snap-in (start->run->dsa.msc). Right-click on your domain user and select Properties.

Click the Account tab. Under the Account options section, uncheck the “Password never expires” checkbox and click OK.

Now you should be able to reset the password and force the domain user to change it at next login.