The "user must change password at next logon" option is only helpful when users log on interactively at a console. This was true for NT4 also. Your Web application will need to know how to recognize that the user's password needs to be changed and prompt them for it. Unfortunately, there's nothing built into Windows 2000 to allow this to happen automatically with a browser.
This was first published in January 2003