diff --git a/cmd/admin_user_create.go b/cmd/admin_user_create.go
index 340ea072d5..81b6f87a31 100644
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -158,7 +158,8 @@ func runCreateUser(ctx context.Context, c *cli.Command) error {
 	}
 
 	isAdmin := c.Bool("admin")
-	mustChangePassword := true // always default to true
+	// Only local, existing, regular users should be forced to update their password. Bot users for example are non-interactive
+	mustChangePassword := userType == user_model.UserTypeIndividual
 	if c.IsSet("must-change-password") {
 		if userType != user_model.UserTypeIndividual {
 			return errors.New("must-change-password flag can only be set for individual users")
diff --git a/cmd/admin_user_create_test.go b/cmd/admin_user_create_test.go
index f3794c5dff..ece2e8869d 100644
--- a/cmd/admin_user_create_test.go
+++ b/cmd/admin_user_create_test.go
@@ -63,6 +63,7 @@ func TestAdminUserCreate(t *testing.T) {
 		u := unittest.AssertExistsAndLoadBean(t, &user_model.User{LowerName: "u"})
 		assert.Equal(t, user_model.UserTypeBot, u.Type)
 		assert.Empty(t, u.Passwd)
+		assert.False(t, u.MustChangePassword, "bot users should not be forced to change password")
 	})
 
 	t.Run("AccessToken", func(t *testing.T) {