Type <b>NET USER /?</b> in a CMD shell and see the syntax for the <i>password </i>option
Afraid NET USER is not applicable for AS400.
To make a program to reset the password, you create the program as you would normally, then you run CHGPGM to change the USRPRF to *OWNER, then you use WRKOBJ to change the owner to a user which has *SECADM.
This causes the program to run under the “adopted” authority of the user with *SECADM.
Right – program adopts authority of *SECADM
add chgusrprf password(‘XXXXXXXXXX’) status(*ENABLE) expired(*YES)
this will require the user to signin with the password XXXXXXXXX and change it immediately.
Note that *SECADM is not sufficient without authority also granted for the user profile being changed. If I have *SECADM and want to change the password for USERX, I still need *CHANGE authority to the USERX *USRPRF object. This helps to lessen the ability to take over particular profiles.
You can grant one profile *CHANGE authority to some set of user profiles, then give the one profile *SECADM special authority. From that, the chosen profile can work with that set of profiles plus be able to create new profiles. Any new profile cannot be given access to anything that the chosen *SECADM doesn’t already have. Profiles created by *SECADM are owned by him/her until ownership is reassigned.