For our student accounts I remove the default ACE for Authenticated Users (because of FERPA, which is a federal student privacy act). Then a group has been delegated rights to reset their passwords and force a password change at next logon, as well as restoring the read general, public, personal, permissions, and web information (like Authenticated Users normally has).
Using ADUC, one of these admins with delegated rights can reset the password, but the checkbox for force password change at next logon is greyed out. If the admin then opens the account and goes to the Account tab, they can check the "force password change at next logon" successfully. Anyone know what's going on?

Steve Evans
