Hello @michal ,
Thank you for posting here.
I agree with Miguel Fra.
As I understand, if the password for new user meets the length, complexity, or history requirements of the domain. It should be "Minimum password age 10 days" caused the problem.
I did a test in my lab as below:
Here is the domain password policy setting:
PS C:\windows\system32> net accounts
Force user logoff how long after time expires?: Never
Minimum password age (days): 7
Maximum password age (days): 999
Minimum password length: 1
Length of password history maintained: 24
Lockout threshold: 2
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: PRIMARY
The command completed successfully.
Test steps
I create two domain user, one is daisy5 and the other is daisy6.
Daisy5 with checking user must change password at next logon
Daisy6 without checking user must change password at next logon.
When I logs in one domain client with daisy5, it prompts I must change password. I can change the password for daisy5 successfully.
When I logs in one domain client with daisy6, it does not prompts I muct change password. Then I change password but I can not.
Hope the information above is helpful.
Best Regards,
Daisy Zhou