What is the easiest way for our help desk to reset accounts in AD? We are at 2003 function level for both domain and forest. I have tried to make a MMC and delegate the authority but it is not consistent. Lockoutstatus does not allow the password to be reset. We will be going to 2008 server in a few months and I would like to implement the solution then. I would like to have a Microsoft solution if possible, and not a 3rd party solution.