Create new user, flag force change the password

Hi, I have the following scenario.
Keycloak connected with Activedirectory in wirtable mode. Users connect to their computers using AD /linux and windows sistem operating). We have a java application with integrate keycloak and we want the users to be those from AD. We are developing a application to manage users.
The problem is that when we register a new user from keycloak, it is created well. The user logs in to windows or linux, these force change the password (which is correct and logical) but when I enter keycloak with that user, it asks me to change the password again.
If we create the user and enter through keycloak, it forces us to change the password. We log in to windows and we took the change and it does not request that we change it, which is correct.
From where I can see why it follows that flag activated and does not synchronize.