I can create an account for a helpdesk tech, but I want to force them to change their password on their initial login.

Currently, the 'welcome email' sends the password in plaintext through email, which is a ridiculous security risk in itself. After that, I have no real way of forcing the user to change their password.