I have a temporary person technician that comes in once in a while to do work for us.I want to assign him with the permission to to reset passwords of Active Directory users, All the users are in a OU called staff, I dont want him to reset passwords of users which are in other OU's Example ManagementUsers, ExecutiveUsers, VIPUsers and no other dangerous access rights.
I use windows 2008 Domain Controller.
This is what I've done so far...
1 - created a user account for the technician.
2 - On the "Staff" OU in Active Directory i right click and selected Delegation control wizard and Added that user into the delegate control.
3 - From the Delegate common tasks i selected only "reset password"
I have tested the above configuration and it is not working,This is where I'm stuck... I want to know what else permissions i needed to assign to this user so he can reset passwords only on "Staff" OU and Absolutely no other permissions
Waiting for your support.