I'm trying to delegate permission to a user to unlock locked accounts.
In Active Directory Users & Computers: for the OU containing all the users, I right-click Delegate Control | pick the person | pick create a custom task to delegate | pick 'user objects | then Pick property-specific | then check "read lockout time" and "write lockout time".
1. Did this destroy previous permissions and replace it with just read & write lockout time?
2. When I run my powershell command, I get a red error: "Unlock-ADAccout: insufficient access rights to perform the operation"
I was following instructions at:
Thanks for any thoughts,