We're using Active Directory 2003 in native mode. I've given the helpdesk the ablility to change users passwords. But for some reason, they can't change all of my users passwords. It could be 2 users in the same OU. They could change 1 user password, but not the other, the the 2 users could be in the same groups. I don't understand what's stopping them. I've tried delegating control at the OU level to the group and still no changes. If I put them in the domain admins group it works. But we don't want that of course.