I have scripted UserMCP.bat to set User must change password at next logon and optionally reset the password.

The syntax for using UserMCP.bat is:

for /f "Tokens=*" %%a in ('UserMCP SAMID \[NewPassword\]') do set OK=%%a

Where:

<b>SAMID</b>       is the user logon name, <b>sAMAccountName</b>.

<b>NewPassword</b> is an optional new password, that must conform to the domains password policy.

<b>OK</b>          is set to <b>Y</b> if the operation was successful, or <b>N</b> if it failed.
UserMCP.bat contains:
@echo off
if \{%1\}==\{\} @echo Syntax: UserMCP SAMID \[NewPassword\]&goto :EOF
setlocal
set sam=%1
set OK=N
for /f "Tokens=*" %%a in ('net user %sam% %2 /domain^|find /i "The command completed successfully."') do (
 set OK=Y
)
if "%OK%" EQU "N" goto finish
if exist "%TEMP%\UserMCP.vbs" goto start
@echo.On Error Resume Next>"%TEMP%\UserMCP.vbs"
@echo.Dim objConnection, objCommand, objRootDSE, strDNSDomain>>"%TEMP%\UserMCP.vbs"
@echo.Dim strFilter, strQuery, objRecordSet, objArgs, usr>>"%TEMP%\UserMCP.vbs"
@echo.Set objArgs = Wscript.Arguments>>"%TEMP%\UserMCP.vbs"
@echo.sam = objArgs(0) >>"%TEMP%\UserMCP.vbs"
@echo.Set objConnection = CreateObject("ADODB.Connection") >>"%TEMP%\UserMCP.vbs"
@echo.Set objCommand = CreateObject("ADODB.Command") >>"%TEMP%\UserMCP.vbs"
@echo.objConnection.Provider = "ADsDSOOBject">>"%TEMP%\UserMCP.vbs"
@echo.objConnection.Open "Active Directory Provider">>"%TEMP%\UserMCP.vbs"
@echo.Set objCommand.ActiveConnection = objConnection>>"%TEMP%\UserMCP.vbs"
@echo.Set objRootDSE = GetObject("LDAP://RootDSE") >>"%TEMP%\UserMCP.vbs"
@echo.strDNSDomain = objRootDSE.Get("defaultNamingContext") >>"%TEMP%\UserMCP.vbs"
@echo.strBase = "<LDAP://" ^& strDNSDomain ^& ">" >>"%TEMP%\UserMCP.vbs"
@echo.strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" ^& sam ^& "))" >>"%TEMP%\UserMCP.vbs"
@echo.strAttributes = "distinguishedName,pwdLastSet">>"%TEMP%\UserMCP.vbs"
@echo.strQuery = strBase ^& ";" ^& strFilter ^& ";" ^& strAttributes ^& ";subtree">>"%TEMP%\UserMCP.vbs"
@echo.objCommand.CommandText = strQuery>>"%TEMP%\UserMCP.vbs"
@echo.objCommand.Properties("Page Size") = 99999>>"%TEMP%\UserMCP.vbs"
@echo.objCommand.Properties("Timeout") = 300>>"%TEMP%\UserMCP.vbs"
@echo.objCommand.Properties("Cache Results") = False>>"%TEMP%\UserMCP.vbs"
@echo.Set objRecordSet = objCommand.Execute>>"%TEMP%\UserMCP.vbs"
@echo.objRecordSet.MoveFirst>>"%TEMP%\UserMCP.vbs"
@echo.Do Until objRecordSet.EOF>>"%TEMP%\UserMCP.vbs"
@echo.    strDN = objRecordSet.Fields("distinguishedName") >>"%TEMP%\UserMCP.vbs"
@echo.    usr = "LDAP://" ^& strDN>>"%TEMP%\UserMCP.vbs"
@echo.    Set oUser = GetObject(usr)>>"%TEMP%\UserMCP.vbs"
@echo.    oUser.Put "pwdLastSet", CLng(0) >>"%TEMP%\UserMCP.vbs"
@echo.    oUser.SetInfo>>"%TEMP%\UserMCP.vbs"
@echo.    objRecordSet.MoveNext>>"%TEMP%\UserMCP.vbs"
@echo.Loop>>"%TEMP%\UserMCP.vbs"
@echo.objConnection.Close>>"%TEMP%\UserMCP.vbs"
@echo.Set objConnection = Nothing>>"%TEMP%\UserMCP.vbs"
@echo.Set objCommand = Nothing>>"%TEMP%\UserMCP.vbs"
@echo.Set objRootDSE = Nothing>>"%TEMP%\UserMCP.vbs"
@echo.Set objRecordSet = Nothing>>"%TEMP%\UserMCP.vbs"
:start
cscript //nologo "%TEMP%\UserMCP.vbs" %sam%
:finish
@echo %OK%
endlocal