Password change permission in AD

1. Create a new group.

Active Directory - Create a group

2. Right-click the desired organizational unit.

Select the option “Delegate Control” .

Active Directory - Delegate Control

3. Select the desire group.

Active Directory - Delegate Permissions

4. Select the permission to reset user passwords and force password change at next login.

Delegate permission - Reset password

5. Click the Next button to complete a configuration.

In our example, members of the group named MY-ADMINS will be able to reset the password for user accounts within the organizational unit named TEST.

Reset Password - Delegate permission