I'm trying to grant a service account permissions to reset password for other user accounts but it's not working as expected. I've read many articles regarding this but didn't get the desired outcome. I got to the point where the service account is able to reset password for other users but they need to set a new one when they log on. On the reset password dialog the option "User must change password at next logon" is available and the service account can check/uncheck it but it doesn't count, the user has to set a new password no matter what. Under account options the service account is able to check this option but it can't uncheck it. What am I missing here? How can I accomplish this?