In this article, I’ll show you how to delegate Control In Active Directory and all a specific user to only reset passwords to users.
In this case, My client asked me to delegate control In AD to a staff member that will allow him to reset the password to users that locked their AD account.
Lucky, Active Directory allows us to delegate almost any possible administrative task and today I’ll show you how to do that.
To get started, you will need to use a Domain Admin account to set this up If you are, Open Active Directory Users and Computers -> Right click on the domain name and select Delegate Control
In the Users and Group click Add and Add users or groups
In the Task to Delegate, select the task and click next to finish the wizard
Done, Ask the user to log off and log on again to get the new delegated permissions