The below outlines setting up a delegated user in Active directory to be able to perform password resets from within the Senso portal. 


To setup the Senso side of things please  Setting Password Reset Up Within Senso


Step 1:


Create a Standard Domain user in ADUC (this user can
be called anything you like or an existing domain
user\service account can be used if required)


Step 2:


Right Click the Domain or OU you want the delegate
to manage, please note the permissions may be
affected by inheritance.


Step 3:


Select Delegate Control, click next on the delegation
of control wizard.



Step 4:


Add the newly created Domain User & click next.



Step 5:


Click the Create custom task to delegate radio button
& then click next.



Step 6:


Select “only Allow the following objects in folder”
scroll to the bottom of the dialog box and select User
objects then click next.


 

Step 7:


Leave "general" Ticked and select "property specific"

 



Step 8:


Select the following objects from the list:


>Change Password
>Reset Password




>Read lockoutTime
>Write lockoutTime

 


> Read pwdLastSet
>Write pwdLastSet



>Read userAccountControl
>Write userAccountControl



 Step 9:


Click next & Finish – The Required delegate access is
now complete.