Account password management


Password management is one of the ongoing headaches in account management; as the password is typically the main security barrier for the account, there are many considerations when collecting passwords, setting initial account passwords, and handling password changes and forgotten passwords.

Some administrators choose to let users set their initial passwords. In such cases it is best not to keep a permanent record of the password the user picked (so that an intruder can't swipe such records to gain account access), and also best to provide a means for the user to set a password directly without an administrator learning what it is. However, if the user forgets the password, he or she then has to go through the process again to set a different one.

Especially when creating large numbers of accounts, it may be easiest to generate new account passwords for users. In this case a centralized record of the passwords necessarily exists, at least until it is destroyed, and randomly generated passwords are often hard for users to remember and type (users are prone to misread characters like '1' and 'I' or '0' and 'O').

In either case it may be best to encourage the user to change his or her password on first login, the principle being that only that user and no one else should know his or her password. This can usually be accomplished through password expiration mechanisms provided in your system login programs.
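The following is an added example (not from the original page) of generating initial passwords for a batch of new accounts as described above, drawing from an alphabet that leaves out the easily misread characters and using the operating system's cryptographic random source. The account names and the default length are assumptions.

```python
import secrets
import string

# Characters users commonly misread on paper or on screen: the
# '1' / 'I' / 'l' and '0' / 'O' confusions, plus '|' which looks like both.
AMBIGUOUS = frozenset("0O1lI|")

# Letters and digits with the ambiguous ones removed.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits if c not in AMBIGUOUS
)


def generate_password(length=12, group=4):
    """Return a random initial password of `length` characters from ALPHABET.

    The password is split into groups of `group` characters separated by '-'
    so it is easier to read back to a user; the separators are part of the
    password. `secrets.choice` uses the OS CSPRNG rather than `random`.
    """
    if length < 8:
        raise ValueError("initial passwords should be at least 8 characters")
    chars = [secrets.choice(ALPHABET) for _ in range(length)]
    return "-".join(
        "".join(chars[i:i + group]) for i in range(0, length, group)
    )


def generate_batch(usernames, length=12):
    """Generate one password per account name.

    The returned mapping is meant to be handed to each user out of band and
    then discarded; keeping it around is exactly the centralized record an
    intruder would go looking for.
    """
    return {user: generate_password(length) for user in usernames}


if __name__ == "__main__":
    # Constructed sample account names.
    for user, pw in generate_batch(["alice", "bob", "carol"]).items():
        print(f"{user}: {pw}")
```

On a Linux system using shadow passwords, the generated password can then be set with `passwd` and immediately expired with `chage -d 0 username`, so that the user is forced to choose a new password at first login and the administrator's copy stops being valid.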

Password expiration is used at some sites to make users change their passwords periodically, the idea being that even if a password is discovered it will be useful for only a limited time. However, this also tends to cause a lot of user frustration, and users often pick successive passwords that are similar to each other and hence easier to guess.

When users need administrator help to change passwords, an administrator should be careful to verify the identity of the user making the request and strictly refuse any third-party password change requests. This prevents third parties from taking over accounts.

Some sites also check for weak passwords, either right at change time (which provides immediate feedback to the user) or by periodic password cracking (which may identify weak passwords chosen through manual password changes). Overly strict password requirements may frustrate users too, since they make it harder to pick passwords that are easy to remember.
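As an added example (not part of the original page), here is the kind of change-time check described above, covering both the weak-password tests and the "new password too similar to the old one" problem from the expiration discussion. The word list, the minimum length, the similarity threshold and the leetspeak substitution table are assumptions chosen for illustration; a real deployment would load a full dictionary or cracking word list and tune the limits to the site's tolerance for user frustration.

```python
import difflib

# Constructed sample word list; a real check would load the system
# dictionary or a password-cracking word list.
WORDLIST = frozenset({"password", "letmein", "welcome", "summer", "monkey"})

MIN_LENGTH = 10        # assumed site minimum
MAX_SIMILARITY = 0.6   # assumed threshold: above this, old and new are "the same"

# Undo common substitutions so that "P@ssw0rd" still matches "password".
# Heuristic only: '1' is mapped to 'i', though some people use it for 'l'.
LEET = str.maketrans("@0134$5!", "aoieassi")


def normalise(password):
    """Reduce a password to the dictionary stem it is probably built from:
    lower-case it, drop leading/trailing digits, undo leetspeak."""
    stem = password.lower().strip("0123456789")
    return stem.translate(LEET)


def similarity(old, new):
    """Ratio in [0, 1] of how much of the two strings match, case-folded."""
    return difflib.SequenceMatcher(None, old.lower(), new.lower()).ratio()


def check_password(new, old=None, username=None):
    """Return a list of reasons the new password is weak.

    An empty list means the password is accepted. Returning every problem
    rather than the first lets the user fix them all in one attempt.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if normalise(new) in WORDLIST:
        problems.append("based on a dictionary word")
    if username and username.lower() in new.lower():
        problems.append("contains the account name")
    if old is not None:
        ratio = similarity(old, new)
        if ratio > MAX_SIMILARITY:
            problems.append(
                f"too similar to the previous password (ratio {ratio:.2f})"
            )
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: a previous password and a few candidates.
    previous = "Summer2023"
    for candidate in ["Summer2024", "P@ssw0rd123", "alice2024!",
                      "correct-horse-battery"]:
        result = check_password(candidate, old=previous, username="alice")
        print(f"{candidate!r}: {'OK' if not result else '; '.join(result)}")
```

The similarity test is the part that directly addresses the expiration complaint: a user who rotates "Summer2023" to "Summer2024" gets told why it was rejected, and a cracker who already has the old password cannot guess the new one by incrementing a digit.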


Steve VanDevender
Last modified: Tue Jul 24 14:50:35 PDT 2007