Fix: “User must change password at next logon” option greyed out in Windows

December 29th, 2016 by Admin Leave a reply »

When you try to change or reset the password of a user account, you might find the checkbox “User must change password at next logon” is greyed out, so you can’t choose this option.

user-must-change-password-next-logon

In this tutorial we’ll show you how to enable the “User must change password at next logon” option that is greyed out for Windows local or domain user account.

For Windows Local Accounts:

Open the Computer Management. Expand System Tools, then Local Users and Groups, then Users. Right-click on your local account and select Properties from the context menu.

local-account-properties

This will open the Properties dialog box. Uncheck the “Password never expires” box and you’ll then find the “User must change password at next logon” option is enabled. Click Apply and then OK.

windows-password-never-expires

For Active Directory User Accounts:

In Windows Server with Active Directory installed, open the Active Directory Users and Computers MMC snap-in (start->run->dsa.msc). Right-click on your domain user and select Properties.

domain-account-properties

Click the Account tab. Under the Account options section, uncheck the “Password never expires” checkbox and click OK.

domain-password-never-expires

Now you should be able to reset the password and force the domain user to change it at next login.