Celero, where did you setup account for those users, those were not in your Active Directory? In Kentico database or in the Active Directory?
In case those accounts are in Kentico database (this requires mixed authentication mode - Forms + AD), you can configure this in Kentico settings in Sequrity & Membership -> Passwords -> Passwords expiration.
If you created those accounts in Active Directory - I don't think there is an option to update password through Kentico, they should do that through their desktop.
You might need to configure your application to use Windows + Forms authentication mode, so you'll be able to manage corporate accounts in Active Directory and non-corporate in Kentico.