When you use the Delegation of Control Wizard to delegate the ability to reset passwords, the delegated user or group does NOT have permission to force a user to change their password at next logon.

To allow a user or group to set User must change password at next logon:

01. Open Active Directory Users and Computers.

02. Use the View menu to check Advanced Features.

03. Right-click the container that you have delegated control over and press Properties.

04. Select the Security tab.

05. Press the Advanced button.

06. Select the Permissions tab.

07. Press the Add button.

08. Select the user or group that has the password reset permission and press OK.

09. On the Permission Entry for Users dialog, Select the Properties tab.

10. select User objects in the Apply onto drop-down list.

11. Check the Allow column box for Write Account Restrictions.

12. Press OK, Apply, OK, and OK.