We would like an individual from each one of our departments to have the right to reset passwords for members of their respective departments during off hours. We have an OU for each department and we're going to use the delegation wizard at the OU level to reset passwords. My question is, do these users need access to Active Directory Users and Computers to reset these passwords? I would imagine so...
If so, I was thinking I could set up a GPO which will push out the Windows 2000 Support Tools on the desktop of the assigned people? From there, they could launch ADUC's?
Does this make sense? Is there a better way?