I'll skip over some of the things I have tried. But basically the situation
I create a barnd new account and delegate these controls for the account
allow reset account
allow read pwdLastSet
allow write pwdLastSet
Now that user can select and tick the box for 'user must change password at
next logon' for any user in the container that delegation has been set up
for. However once this has been selected and applied that user cannot remove
the tick form the tick box - same object.
You get an error - The following Active Directory error occurred: Access is
But there are no explicit denies for this user and the delegation that has
been set up. Plus if there was surely you would not be able to tick the
option in the first place.
Anyone have experience with this sort of issue?