Here's the scenario:

I log into active directory and as an admin and check the 'user must
change password at next logon' for user x.

Then, I try to bind to active directory as user x and the bind fails
with the response:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext
error, data 773, v893
HEX: 0x773 - user must reset password
DEC: 1907 - ERROR_PASSWORD_MUST_CHANGE (The user's password must be
changed before logging on the first time.)
LDAP[pwdLastSet: <value of 0 indicates admin-required password
change>] - MUST_CHANGE_PASSWD
NOTE: Returns only when presented with valid username and password/
credential.

Now, what am I supposed to do from the LDAP client next to actually be
able to change the password? Since the bind failed, I can't really
change any password attribute on the active directory server!