OK, with Samba4 you cannot use a gpo to set when a users password
expires, you have to use Samba-tool for this, you will also have to use
samba-tool to change password complexity.
To make a user change their password, you need to change the
'pwdLastSet' attribute in the users AD object to '0'
To stop a users password expiring you need to change the
'UserAccountControl' attribute in the users AD object, this normally
will contain '512' if the user is enabled and '514' if the user is
disabled. To stop the password expiring you need to add '65536' to
whatever is there now (unless, of course, it is already larger than 65536).
How you do this is up to you, you could use ldbmodify, ldapmodify,
ldbedit or from ADUC.
See here for more info about UserAccountControl :
https://support.microsoft.com/en-gb/kb/305144