If a custom policy is created which enforces a value of TRUE on edsvaUserMustChangePasswordAtNextLogon, this checkbox is checked off and greyed out on the New User Creation screen, as expected.
On the Reset User Password screen, although the checkbox is checked off, it is possible to deselect the checkbox. However, it is not possible to continue due to a policy violation.
This is a confirmed display-only issue. All Active Roles clients respect the policy value which is enforced.
This issue is being tracked as Defect ID 754851.
Waiting for fix in a future release of ActiveRoles Server.