We are current running an domain with Active Directory (Win2k3) Our password policy is restricted so users only have 3 attempts to login with the right password or the account will be locked out.
However Domain Admins are atm. the only ppl how can unlock the account again - I Want to make that possible for my groups of "super users" to unlock some accounts in 1 OU (And no access to other OU- nor read account info)
My "super users" don't know anything about Win2k3 so i want to make it very easy for them.
Can it be done easyly or maby there are another (more easy?) solution