Forced password change when first logging in to a macOS account

I tried to add a script to the workflow. In this script, I used pwpolicy to force the user’s password to be expired. Therefore, the first time the password is used to log in to macOS, it should have to be changed to a new password.
However, I added this script to the workflow script. It seems that it does not execute correctly. Can anyone share a similar script?
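
One way to write such a script, as an added example that is not part of the original post: it sets pwpolicy's legacy per-user `newPasswordRequired=1` policy and reports why it could not, since running without root or before the account exists are common reasons for a workflow step to fail silently. The function names, return codes and the `DRY_RUN` variable are hypothetical choices for this example, and it assumes the workflow runs the script as root after the local account has been created.

```shell
#!/bin/sh
# Added example: require a password change at next login for one local account.
# Assumes macOS, root privileges, and that the account already exists.

# Accept only conservative short names (constructed rule for this example),
# so a value passed in by the workflow cannot be read as an option.
valid_username() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the pwpolicy command line that would be run (used for dry-run logging).
pwpolicy_cmd() {
    valid_username "$1" || return 1
    printf 'pwpolicy -u %s -setpolicy newPasswordRequired=1\n' "$1"
}

# Apply the policy.
# Returns: 0 ok, 2 bad name, 3 not root, 4 no such user, 5 pwpolicy failed.
force_password_change() {
    user=$1
    valid_username "$user" || { echo "invalid user name" >&2; return 2; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        pwpolicy_cmd "$user"
        return 0
    fi
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 3; }
    dscl . -read "/Users/$user" UniqueID >/dev/null 2>&1 \
        || { echo "no such user: $user" >&2; return 4; }
    pwpolicy -u "$user" -setpolicy "newPasswordRequired=1" || return 5
    # Print the resulting policy so the workflow log records what was set.
    pwpolicy -u "$user" -getpolicy
}

# Run only when a user name is passed as the first argument.
if [ "$#" -ge 1 ]; then
    force_password_change "$1"
fi
```

Running it with `DRY_RUN=1` first prints the command without changing anything, which helps confirm that the workflow passes the expected account name.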