Phone Live Chat
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9393


Active Directory delegation: Password Reset and Account Unlock

Windows Active Directory delegation is crucial for any organization's IT infrastructure because it provides a way for you to securely delegate management operations to technicians while ensuring they have the least privileges required to carry out their tasks. ADManager Plus' delegation feature is granular yet extensive, allowing you to delegate permissions for specific domains or even specific OUs. You can create customized delegation roles based on the tasks for which you want to delegate permissions. So, if you are wondering how to delegate password reset and account unlock permissions in AD securely, look no further than ADManager Plus.

Delegating password reset permissions

On average, one third of all IT help desk calls are attributed to password resets. When these calls happen over and over, productivity is affected for both employees and IT administrators.

A solution that would benefit both parties would be to delegate password reset in Active Directory to a help desk technician. ADManager Plus lets you:

  • Delegate permissions for password reset tasks across the required domains in a forest to the same technician.
  • Keep track of the password resets being performed by technicians with information like status, timestamps, and more.
  • Use custom roles to delegate role-based access to technicians so they can perform only the required tasks. The technicians will not be able to access any of the other AD management features.
  1. Steps to delegate password reset permissions to help desk technicians with ADManager Plus

Delegating unlock user account permissions

Most organizations have an account lockout policy in place to prevent brute force attacks. Account lockout policies render an account inaccessible for a specific period after a specified number of wrong password attempts happen. When this happens, users cannot access their accounts until the IT administrator unlocks it.

As users tend to forget or mistype their passwords often, account lockouts are a common occurrence in many organizations. This means account lockouts make up a major chunk of IT help desk calls. ADManager Plus can help you delegate permissions for unlocking AD user accounts by:

  • Enabling technicians to perform different sets of tasks in different OUs. For example, a technician can reset passwords in OU1, unlock user accounts in OU2, create and modify groups in OU3, etc.
  • Delegating permissions to technicians for unlocking user accounts across multiple domains.
  • Allowing you to create your own custom roles for delegating password reset permissions suited to your organization. For example, you can create a role that will allow the technician to unlock user accounts, enable/disable computer accounts, and enable Exchange mailboxes that are disabled.
  1. Steps to delegate unlock user account permissions to help desk technicians with ADManager Plus

Key highlights of ADManager Plus' delegation feature

  • Secure and non-invasive delegation model: The rights or privileges assigned to technicians are purely at the product level, and their actual privileges in Active Directory remain untouched.
  • Customizable roles: A variety of roles can be created to give technicians the ability to perform different tasks (for example: reset passwords, move users, generate group reports, etc.).
  • Role-based/profile-based delegation of tasks to help desk technicians: Only the modules or features assigned to technicians will be visible to them.
  • OU-specific administration: Enable technicians to perform different sets of tasks in different OUs.
  • Cross-domain/multi-domain delegation: Allow technicians to perform the designated tasks in multiple domains.
  • Audit reports: Get a trail of all the actions that a help desk technician has performed and all the actions that have been performed on a technician or role.

If you would like to learn more about delegating permissions with ADManager Plus, you can find help here

Delegate AD password reset and account unlock activities to non-admin users securely with ADManager Plus.

  • -Select-
By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.


Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here


We will send the download link to the registered email ID shortly.


Featured links

Other features
  • Active Directory Management

    Manage AD, Office 365, Exchange, Skype for Business, and Google Workspace accounts of users, single or bulk, using CSV files or smart templates.

  • Active Directory Password Management

    Reset password and set password propertied from a single web-based console, without compromising on the security of your AD! Delegate your password-reset powers to the helpdesk technicians too!

  • Active Directory Computer Reports

    Granular reporting on your AD Computer objects to the minutest detail. Monitor...and modify computer attributes right within the report. Reports on Inactive Computers and operating systems.

  • Microsoft Exchange Management

    Create and manage Exchange mailboxes and configure mailbox rights using ADManager Plus's Exchange Management system. Now with support for Microsoft Exchange 2010!!

  • Active Directory Cleanup

    Get rid of the inactive, obsolete and unwanted objects in your Active Directory to make it more secure and efficient...assisted by ADManager Plus's AD Cleanup capabilities.

  • Active Directory Automation

    A complete automation of AD critical tasks such as user provisioning, inactive-user clean up etc. Also lets you sequence and execute follow-up tasks and blends with workflow to offer a brilliant controlled-automation.

Need Features? Tell Us
If you want to see additional features implemented in ADManager Plus, we would love to hear. Click here to continue

ADManager Plus Trusted By

The one-stop solution to Active Directory Management and Reporting