"Allow password change only" as default

Hello there,

I'm trying to  set up my company's teamviewer. In this context, I have tried with your AD connector software and as such it works fine. When I create a user through an AD group, the user gets an email that an teamviewer account have been created and they need to activate their account. Everything is fine so far. After that they have to log in and this is where the problem occurs. They did not receive any auto generated code despite "Create accounts with generated password" is selected in the AD connector. However, this would not be a problem if only they were allowed to request a password change afterwards. There are a nice description in the mail they receive on how to request a new password. When they click the link and following the instructions, they are told that they do not have permission to change the password.
This seems a bit silly as they neither know the pre-defined password nor are allowed to change it.
Then I came across this article: https://community.teamviewer.com/t5/Knowledge-Base/User-Permission-Control-Management-Console/ta-p/26649#toc-hId--**Please do not post TeamViewer IDs**
However, I just think the idea goes a bit off the AD connector if we have to go in and make that changes afterwards on each user we auto create.
I do not know if this is possible to solve? I have searched far and wide ...

Regards

Jakob