Actually i already create an agent to create user ID with default password. I want to force user change the internet password and Notes ID password for the next login. Is there a way using lotus script method to change it? or Admin still need to go each of the user profile to tick that function.

Here is my agent code that create ID

Sub Initialize
    '   this agent use on [register] button locate on [request form] xpages

    Dim s As New NotesSession, db As NotesDatabase, a As NotesAgent
    Dim doc As NotesDocument
    Set db = s.Currentdatabase
    Set a = s.Currentagent
    Set doc = s.Documentcontext     '   uidoc 

    Dim certid As String 'full path of cert id
    Dim certpasswd As String
    Dim OU As String
    Dim lastname As String
    Dim firstname As String
    Dim middleinit As String
    Dim usrIdpath As String
    Dim mailsvr As String
    Dim mailfile As String
    Dim userpasswd As String
    Dim internetpath As String

    Dim depvw As NotesView, depdoc As NotesDocument
    Set depvw = db.Getview("Department sort by dept")
    Set depdoc = depvw.Getdocumentbykey(doc.Dept(0), True)
    If Not depdoc Is Nothing Then
        certid = depdoc.IdPath(0)                   '   full path of cert id
        certpasswd = depdoc.IdPassword(0)               '   Cert id password(password)
        OU = ""                         '
        lastname= doc.Name(0)                   '   current document selected mail (person)
        firstname = ""                      '   [din't used]
        middleinit = ""                     '   [din't used]
        usrIdpath = depdoc.DptIdStor(0) +doc.SelectMail(0)+ ".id"   '   user path
        mailsvr = depdoc.MailSvr(0)                 '   mail svr
        mailfile = depdoc.MailLocation(0)+doc.SelectMail(0)         '   Mail\Person
        userpasswd= depdoc.UserPassword(0)          '   User password
        internetpath = doc.SelectMail(0)+depdoc.InternetPath(0)     '   mail address

    End If

    Dim reg As New NotesRegistration
    Dim dt As Variant
    dt = DateNumber(Year(Today)+1, Month(Today), Day(Today))

    reg.RegistrationServer = mailsvr        '"CN=ServerOne/O=dev"
    reg.CreateMailDb = True                 '
    reg.CertifierIDFile = certid            '"C:\IBM\Domino\data\office.id"
    reg.Expiration = dt
    reg.IDType = ID_HIERARCHICAL
    reg.MinPasswordLength = 1               ' password strength
    reg.IsNorthAmerican = True
    reg.OrgUnit = OU                ' "" empty ..will just follow certid registration
    reg.RegistrationLog = "log.nsf"
    reg.UpdateAddressBook = True
    reg.StoreIDInAddressBook = True
    reg.MailInternetAddress =  internetpath 


    Call reg.RegisterNewUser(lastname, _    ' last name
    usridpath, _                '"C:\IBM\Domino\data\ +name+.id"    ' file to be created
    mailsvr, _                  '"CN=ServerOne/O=dev"               ' mail server
    firstname, _                ' first name
    middleInit, _               ' middle initial
    certpasswd, _               '"office"                           ' certifier password
    "", _                                       ' location field
    "", _                                       ' comment field
    mailfile, _                 '"mail\person.nsf"                 ' mail file
    "", _                                   ' Forwarding domain
    userpasswd, _               '"password", _                   ' user password
    NOTES_DESKTOP_CLIENT)               ' user type

    Print "Please wait ...... Registration in progress"
End Sub

Question 1: how to force user change notes password next login

Question 2: how to force user change internet password next login

Question 3: Is it possible every times create a notes ID will auto save to ID vault? For my understanding, ID vault is a database that store all ID in. If i am wrong, please let me know. Thanks!

Not sure reg ID Vault, but for password change, I think you can just set the field HTTPPasswordForceChange = "1"?

I answered your question no 2 in your other question.

Question 1 and 3 are closely related:

First of all set up an ID- Vault in your domain. It really is a MUST HAVE nowadays in domino. And it is a easy 1-2-3 step when following the administrator help. After setting up the vault the ID will automatically be uploaded to it as soon as you register users for a certifier that has the vault assigned via hierarchical policy.

That said: I would NEVER store user ids in the address book as EVERYBODY can access it from there and pretend to be that user (given he can quess your default password / the given password).

To force a user to change the Notes- password after first login I also use the id vault: Whenever you change a users' password using the vault it will automatically force the user to change it after the next login:

And it is a simple one-line- code:

Call s.Resetuserpassword( mailsvr, "CN=User/O=dev", userpasswd )

The hardest thing here is to get the rights correct in your vault (set the option to be allowed to use the vault programmatically for the signer of your code and the agent it runs on)