To generate randome password use-
System.Web.Security.Membership.GeneratePassword(int length, int numberOfNonAlphanumericCharacters)
You need a flag in database to identify whether the password is updated on reset or updated by user. This updation has to be performed at reset functionality.
Now, in login functionality check if user has logged in with pasword that has the reset flag then redirect to change password page.
Does this idea make any sense to you?
Hope, it helps :)