Incomplete and unested.

Determine the last time users changed their passwords:

su - zimbra
zmprov sa -v "mail=*@example.tld" | egrep '^mail:|zimbraPasswordModifiedTime:|^$' | grep -v '^$\|^\s*\#'

Configure → Class of Service → <CoS> → Advanced → Password

This will even work to set the same password, or override a policy limitation.

List all administrators:

su - zimbra  
zmprov gaaa

Set a password:

su - zimbra
zmprov sp <user or admin email address> <new password>

It may also work to just use admin instead of an e-mail address.

https://wiki.zimbra.com/wiki/Zmauditswatch

zmlocalconfig | grep swatch

zmlocalconfig -e zimbra_swatch_notice_user=admin@domain.com
zmlocalconfig -e zimbra_swatch_ipacct_threshold=10
zmlocalconfig -e zimbra_swatch_acct_threshold=15
zmlocalconfig -e zimbra_swatch_ip_threshold=20
zmlocalconfig -e zimbra_swatch_total_threshold=60
zmlocalconfig -e zimbra_swatch_threshold_seconds=3600

zmauditswatchctl start | stop | status

For service auto-start, follow the wiki link above. I had to use the old style initd method.

chkconfig --add zmauditswatch
chkconfig --list

service zmauditswatch start | stop | status

https://github.com/wuxmedia/Zimbra_passpoll

cd /opt/zimbra
wget https://raw.githubusercontent.com/wuxmedia/Zimbra_passpoll/master/passpoll.sh
chown zimbra.zimbra passpoll.sh
chmod +x passpoll.sh
su - zimbra
vi passpoll.sh

Modify at least:

FROM="admin@yourdomain.tld"
ADMIN_RECIPIENT="admin@yourdomain.tld"