KB10118 - AD: Delegate reset password and unlock account

This article describes how to delegate the following Active Directory permissions:

  • Reset Password
  • Force user to change the password
  • Unlock the user account in case of too many failed login attempts

to a specific user or user group (recommended).


      1. Go to Active Directory Users and Computers and select the OU where your users reside that should be managed...
      2. Select the user / group that should reset the user accounts in the given OU
      3. Select "Create a custom task to delegate"
      4. Select the option "Property-Specific" and then the following sub-permissions:
        • Reset password
        • Read lockoutTime
        • Write lockoutTime
        • Read pwdLastSet
        • Write pwdLastSet
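
The same rights can be granted from the command line and then audited. This is an added example, not part of the original article: the OU and group names are placeholders, and it assumes the RSAT ActiveDirectory PowerShell module and dsacls.exe are available and that the rights should apply to user objects below the OU.

```powershell
# Added example. $ou and $group are placeholders, not values from the article.
Import-Module ActiveDirectory

$ou    = 'OU=Staff,DC=example,DC=com'   # placeholder: OU containing the managed users
$group = 'EXAMPLE\Helpdesk-PwdReset'    # placeholder: group receiving the delegation

# Grant the rights listed in step 4.
# /I:S  = apply to descendant objects only; the trailing ";user" limits it to user objects.
# CA    = control access (extended right), RPWP = read property + write property.
dsacls $ou /I:S /G "${group}:CA;Reset Password;user"
dsacls $ou /I:S /G "${group}:RPWP;lockoutTime;user"
dsacls $ou /I:S /G "${group}:RPWP;pwdLastSet;user"

# Well-known GUIDs of the extended right and the two attributes.
$rights = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password'
    '28630ebf-41d5-11d1-a9c1-0000f80367c1' = 'lockoutTime'
    'bf967a0a-0de6-11d0-a285-00aa003049e2' = 'pwdLastSet'
}

# Audit: list every ACE on the OU (explicit or inherited) that touches these rights,
# so trustees other than the intended group stand out.
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $rights.ContainsKey($_.ObjectType.ToString()) } |
    Select-Object IdentityReference,
                  @{ n = 'Right'; e = { $rights[$_.ObjectType.ToString()] } },
                  ActiveDirectoryRights, AccessControlType, IsInherited |
    Sort-Object IdentityReference, Right |
    Format-Table -AutoSize
```

Re-run the audit portion periodically: any trustee besides the delegated group that appears in the output holds password-reset or unlock rights over the users in this OU.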

