The below outlines setting up a delegated user in Active directory to be able to perform password resets from within the Senso portal. 


To setup the Senso side of things please  Setting Password Reset Up Within Senso


Step 1:


Create a Standard Domain user in ADUC (this user can be called anything you like or an existing domain user\service account can be used if required)


Step 2:


Right Click the Domain or OU you want the delegate to manage, please note the permissions may be affected by inheritance.


Step 3:


Select Delegate Control, click next on the delegation of control wizard.


Step 4:


Add the newly created Domain User & click next.


Step 5:


Click the Create custom task to delegate radio button & then click next. 


Step 6:


Select “only Allow the following objects in folder” scroll to the bottom of the dialog box and select User objects then click next. 

 

Step 7:


Leave "general" Ticked and select "property specific"

 

Step 8:


Select the following objects from the list:


>Change Password
>Reset Password



>Read lockoutTime
>Write lockoutTime

 

> Read pwdLastSet
>Write pwdLastSet 


 
>Read userAccountControl
>Write userAccountControl



 Step 9:


Click next & Finish – The Required delegate access is now complete.