Active Directory Service Account Rights (Reset Password)

Self-service password reset

In order for this feature to work, you need to delegate the permission to reset users' passwords in the ADUC console. To do this, follow the steps below:

  1. Right-click the OU or domain in ADUC and select Delegate Control from

  2. Click Next in the welcome dialog box.

  3. Click Add to select the service account, then click OK.

  4. Click Next.

  5. Select Create a custom task to delegate and click Next.

  6. Select Only the following objects in the folder. In the given list, select User objects and click Next.

  7. Check the General and Property-specific boxes.

  8. Under Permissions, check the boxes for the following rights before clicking Next:

  • Reset password

  • Read pwdLastset

  • Write pwdLastset

  • Write userAccountControl

  • Read lockoutTime

  • Write lockoutTime

  9. Click Finish.

Or you can do the same process from the command line.

✅ Commands (Replace MIRKETLAB\mirket if needed)

Run the following 6 commands in an elevated Command Prompt on a Domain Controller:

dsacls "OU=SALES,DC=mirketlab,DC=local" /I:S /G "MIRKETLAB\mirket:CA;Reset password;user"
dsacls "OU=SALES,DC=mirketlab,DC=local" /I:S /G "MIRKETLAB\mirket:WP;pwdLastSet;user"
dsacls "OU=SALES,DC=mirketlab,DC=local" /I:S /G "MIRKETLAB\mirket:RP;pwdLastSet;user"
dsacls "OU=SALES,DC=mirketlab,DC=local" /I:S /G "MIRKETLAB\mirket:WP;userAccountControl;user"
dsacls "OU=SALES,DC=mirketlab,DC=local" /I:S /G "MIRKETLAB\mirket:RP;lockoutTime;user"
dsacls "OU=SALES,DC=mirketlab,DC=local" /I:S /G "MIRKETLAB\mirket:WP;lockoutTime;user"
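After the delegation, the ACL on the OU should contain exactly the six ACEs above and nothing broader. The following PowerShell script is an added verification example, not part of the original page: it reads the OU's ACL with the RSAT ActiveDirectory module, reports each expected right as OK or MISSING, and then lists any other ACE granted to the service account. It assumes the OU and account names used in the dsacls commands.

```powershell
# Added verification script, not part of the original page. Assumes the RSAT
# ActiveDirectory module and the OU / account names used in the dsacls commands.
Import-Module ActiveDirectory

$ou      = "OU=SALES,DC=mirketlab,DC=local"
$account = "MIRKETLAB\mirket"
$rootDse = Get-ADRootDSE

# Resolve attribute and extended-right GUIDs from the directory instead of hard-coding them
function Get-SchemaGuid([string]$LdapDisplayName) {
    $o = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    New-Object -TypeName System.Guid -ArgumentList (,[byte[]]$o.schemaIDGUID)
}
function Get-RightsGuid([string]$DisplayName) {
    $o = Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter "(displayName=$DisplayName)" -Properties rightsGuid
    [guid]$o.rightsGuid
}

$userClass = Get-SchemaGuid 'user'
$expected  = @(
    @{ Name = 'Reset password';           Guid = (Get-RightsGuid 'Reset Password');     Right = 'ExtendedRight' }
    @{ Name = 'Read pwdLastSet';          Guid = (Get-SchemaGuid 'pwdLastSet');         Right = 'ReadProperty' }
    @{ Name = 'Write pwdLastSet';         Guid = (Get-SchemaGuid 'pwdLastSet');         Right = 'WriteProperty' }
    @{ Name = 'Write userAccountControl'; Guid = (Get-SchemaGuid 'userAccountControl'); Right = 'WriteProperty' }
    @{ Name = 'Read lockoutTime';         Guid = (Get-SchemaGuid 'lockoutTime');        Right = 'ReadProperty' }
    @{ Name = 'Write lockoutTime';        Guid = (Get-SchemaGuid 'lockoutTime');        Right = 'WriteProperty' }
)

# Only the ACEs on the OU that name the service account
$aces = (Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference.Value -eq $account }

foreach ($e in $expected) {
    $right = [System.DirectoryServices.ActiveDirectoryRights]$e.Right
    $hit = $aces | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq $e.Guid -and
        $_.InheritedObjectType -eq $userClass -and          # scoped to user objects only
        (($_.ActiveDirectoryRights -band $right) -eq $right)
    }
    '{0,-26} {1}' -f $e.Name, $(if ($hit) { 'OK' } else { 'MISSING' })
}

# Anything else granted to the account here is broader than intended and should be reviewed
$expectedGuids = $expected | ForEach-Object { $_.Guid }
$extra = $aces | Where-Object { $_.ObjectType -notin $expectedGuids -or $_.InheritedObjectType -ne $userClass }
if ($extra) { "Unexpected ACEs for ${account}:"; $extra | Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType -AutoSize }
```

Run it in an elevated PowerShell session on a Domain Controller; every line should read OK and the final "Unexpected ACEs" section should be empty.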
