IIRC if you have password expiration set up (or possible the "password never expires" option checked) then this will be the case. There is another permission that needs to be set to allow the password expiration to be altered temporarily (which is what you are doing behind the scenes when you tick the change password at next logon).
Not quite sure which one it is without having a proper look, money is on one of the items in the user objects dropdown, however it might only be a permission exposed through ADSI edit. Have a play, if you're still stuck give us a shout.
Sounds abit soon but i am stuck, i have been playing since i made my last post with no result. We have no password eexpiration setup.
Thanks for all your help
Sorry, edited my post whilst you were posting:
If you have the "password never expires" option checked this may also grey out the change password on next logon for staff.
Nope thats not checked.
Originally Posted by rob_f
I've found the only way this works properly is to give staff 'Account Operator' privledges in Active Directory. This allows them to change users passwords, but not administrators passwords obviously!
It is quite a high permission to give, as potentially they can affect any Users account on the system, but it's the only way we can get it to work. To stop this our password reset program is multiple choise, so they can't change staff passwords.
I had trouble using the delegation wizard it wouldnt let the staff I delegated to change the passwords. I ended up setting the permissions manually on the users. it was something like there were 2 different setting such and change password and reset password.