Administrative password resets on a RACF system result in the new password being marked as expired. The user must change the password immediately upon using it for the first time. Administrative password resets in eDirectory result in similar behavior if periodic password changes are required.
The driver cannot detect that a new password is marked as expired, and RACF provides no mechanism to mark an existing password as being expired.
Users should be instructed to change the password upon first usage after an administrative password reset even if the system does not prompt them to do so.