usrmgr, which creating a new user ticking "user must change password on next
logon" doesn't take effect when using smbk5pwd overlay
This is because smbk5pwd changes sambaPwdLastSet to the current time during the EXOP password change.
In order for this to work samba must change the password first(via exop), then set sambaPwdLastSet to zero.
looking into this one.