For W2K3: To reset user passwords you need the "Reset Password" extended right on the user object. This is also available through the delegation of control wizard using the common delegated task "Reset a user account's password"
If you want to reset user passwords and force password change at next logon you need the "Reset Password" extended right on the user object and you need Read/Write permissions on the attribute "pwdLastSet". This is also available through the delegation of control wizard using the common delegated task "Reset user passwords and force password change at next logon" Look at the delegwiz.inf from W2K3 for the "Reset user passwords and force password change at next logon" and use that in the delegwiz.inf of W2K Cheers, jorge >>>-----Original Message----- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED] On Behalf Of >>>Graham Turner >>>Sent: Tuesday, March 28, 2006 16:45 >>>To: [email protected] >>>Subject: [ActiveDir] ou delegation - change password at next logon >>> >>>Dear all, was wondering if someone could give us a view on >>>the delegation of the 'user must change password at next logon' >>> >>>it seems that having applied the delegation (using Windows >>>2000 delegation wizard on a Windows 2000 domain) that allows >>>'reset password on user objects' , the delegate can check >>>the box from ADUC, but this does not in fact set the above attribute >>> >>>it would seem that we are going to need to apply a custom >>>delegation, from which it is not immediately obvious how to >>>delegate the setting of this attribute. >>> >>>would anyone be able to offer a 'walkthrough' using the >>>Windows 2000 delegate control wizard ?? >>> >>>Thanks >>> >>>GT >>> >>> >>>List info : http://www.activedir.org/List.aspx >>>List FAQ : http://www.activedir.org/ListFAQ.aspx >>>List archive: >>>http://www.mail-archive.com/activedir%40mail.activedir.org/ >>> This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
