It is a common practice to set initial user passwords and then require the user to set a new password when they initially log in.
The SMA can be configured to notify users when their password is expiring and allow users to change their passwords.
Under System Configuration > Authentication Servers > Edit (on an active Directory Server) > Advanced scroll down to Password Management:
"Allow user to change password when notified" should be enabled.
If "Allow user to change password when notified" is not enabled and the user is required to change the password on their initial login they will be prevented from logging in.
With "Allow user to change password when notified" disabled a user with a valid password that expires in the future, would initiate a password change themselves while logged in. Disabling this option might be used by administrators to identify users who do not change their passwords promptly when required. It prevents a user with an expired password to change their password.
A user required to change their password on next login are blocked from accessing the system with this setting disabled.
"Allow user to change password when notified" should be enabled uunless the administrator intends to prevent users with expired passwords from setting a new password.