Graham, According to the Best Practices for Delegating Active Directory, this is what you need to do:
1. write properties on user object to modify User-Password attribute 2. write properties on user object to modify User-Force-Change-Password extended right Or 1. write properties on user object to modify Pwd-Last-Set attribute Dunno if these are accessible via the delegation wizard. :m:dsm:cci:mvp | marcusoh.blogspot.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graham Turner Sent: Tuesday, March 28, 2006 9:45 AM To: activedir@mail.activedir.org Subject: [ActiveDir] ou delegation - change password at next logon Dear all, was wondering if someone could give us a view on the delegation of the 'user must change password at next logon' it seems that having applied the delegation (using Windows 2000 delegation wizard on a Windows 2000 domain) that allows 'reset password on user objects' , the delegate can check the box from ADUC, but this does not in fact set the above attribute it would seem that we are going to need to apply a custom delegation, from which it is not immediately obvious how to delegate the setting of this attribute. would anyone be able to offer a 'walkthrough' using the Windows 2000 delegate control wizard ?? Thanks GT List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
