'Cache Refresh' is a 'pull' method. That means, you can 'pull' user's information from AD / any LDAP server to Gluu Server.
'Push' user's information from Gluu Server to AD is not possible because we generally don't want to give that much 'write access' to Gluu Server so it can modify backend data souce ( i.e. AD for your case ).
However, there is a script which actually can 'push' updated password from Gluu Server to backend AD / LDAP server; you can use/modify that script to meet your requirement.
Here is the script: https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/basic.password_expiration