In a school situation - we have just upgraded our AD Servers to Server 2003 Enterprise R2 from Server 2003 Std.
I have been told with R2 it is possible to allocate the ability to certain users to change passwords of others for a specific OU.
In this case we want 2 staff members who we DON'T want to be Domain Admins to be able to change only student passwords. All students are in their own security & distribution group and in their own OU.
So far I haven't found any info on how to do it yet..