In my tests with ldap3 I:

1. Added the user account without those attributes.

2. Setted password with:

   conn.extend.microsoft.modify_password(user=dn, new_password=pwd, old_password=None)

3. Setted only userAccountControl:

   conn.modify(user_dn, changes = { "userAccountControl": (MODIFY_REPLACE, [512])})

When I setted pwdLastSet to zero, as @ElPalomo mention, I can't authenticate user/password.