I’ve found this post useful… I am hoping for some additional information on this topic though.
What I was able to do is delegate control to a user and select the ‘Reset user passwords and force password change at next login’ That part works, what I am wondering is two things…
First, is there a way to prevent changes to accounts in the Administrator or Domain Admin group?
Second, trying to follow up on hammo’s Unlock and Reset accounts info, I don’t see these options… the properties only show a general tab for the users and for a new OU I created show General, Managed By and COM+ tabs.
What I am trying to do is grant password reset and unlock privileges to 4 domain users, but ideally I wouldn’t want them to be able to change admin accounts.
Running Server 2003 R2 Standard (can upgrade to enterprise edition if that would allow more control).