Scenario: we uses use a service account on LDAPWS, that can reset password for all users. How can this service user reset password for AD user?
Solution: It depends on how you set the permissions for password reset for this service account for which OU (and sub-OU)
Given that we have the organizations like below:
You would like to grant user “permis01” to do the reset password for the “suborg” and its child, you can do the following: https://drive.google.com/file/d/0BzejQ4QaVGlhNEdhUWxIR2trZlk/view
What happens:
+ If you change the password for the AD users belonging to the “suborg” and its child, no error throws
+ If you change the password for the AD users not belonging to the “suborg” and its child, e.g the AD user “permis02”, you will receive the error: http://prntscr.com/cdkckh where the LDAPWS error trace is: http://prntscr.com/cdkd0d