1: got to your 2008 server, look at ADUC select multiple users to make the change to.
2: Right click and go to properties
3: Accounts Tab
4: Select the first and second check box for "Users must change password at next logon" attribute
now come the change
5: you have to check “User cannot change password” and “Password never expires” by selecting the First Check Box only on the two atributes below.
choose ok
now if you go back and look at any of the users you will see that the "Users must change password at next logon" tick box is now ticked ;-)
ok why is this your going to ask, and why is it by design.
well if you think about it, say you want to bulk update 100 users and out of thoses 100 users 4 of them have
"User cannot change password" then think what are you trying to do at the moment "Users must change password at next logon" so theres going to be a conflick and issues will arise where the user has not got the right to change there password even though they are being told they must.
checking thoses first two boxes clears the "User cannot change password" out of thoses 100 users and then aloows the user to change there password at next logon ;-)
i hope this has made sense to every one and come in handy,