Windows 2012 Delegation – passwords

By | August 20, 2015

Windows 2012 Delegation – Password Reset

Delegation-1

Allow user to reset Password

I was recently asked how to give a domain user permissions to reset an Active Directory password.

** You need to have a domain user account or domain group created **

In Windows Server 2012 R2 the process has changed.

Open Active Directory User and Computers.

  • Right click on the OU (Organizational Group) you wish to grant these permissions. Then select Properties.

OU-Security

  • Click on the Security Tab and the Advanced Tab

OU-Advanced

  • Click Add and select the principal

OU-principal

OU-User

  • Click OK
  • On the Applies to, select Descendant User objects

OU-Descendant

  • Check the Reset Password

OU-Password

  • Check Write lockoutTime and Write pwdLastSet
  • Click OK

Log into the server with the user or the group that you have assigned these permissions.