Systems administrators are paid a lot to look after expensive servers, but can spend a lot of time performing trivial tasks like resetting forgotten passwords. In the screencast below I show you how to delegate the ability to reset passwords and force password change at next logon to the members of a specific security group. Things can then be organized so that members of this group, rather than systems administrators, are contacted by users when a password is forgotten or needs to be reset. In the screencast this is only done for a specific OU, but it is possible to perform this delegation at the domain level if you want.