Permission for the service account to do the AD password reset

Scenario: we use a service account on LDAPWS that can reset the password for all users, e.g. password reset on LDAP authentication. How can this service user reset the password for an AD user?

Solution: It depends on which OU (and sub-OUs) you grant this service account the password-reset permission on.

Given that we have an organization structure like the one below:

[Image: aduc_1]

To grant the user “permis01” permission to reset passwords for “suborg” and its children, you can follow this clip.
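One way to script a delegation like this and then audit it, as an added example that is not part of the original post. The domain `example.com`, the NetBIOS name `EXAMPLE` and the position of “suborg” at the domain root are assumptions; adjust them to your directory.

```powershell
# Added example. Assumed names: domain example.com (NetBIOS EXAMPLE),
# OU "suborg" directly under the domain root.
Import-Module ActiveDirectory

$ouDn      = 'OU=suborg,DC=example,DC=com'   # assumption: where "suborg" lives
$principal = 'EXAMPLE\permis01'              # assumption: NetBIOS domain name

# Grant only the "Reset Password" control access right (CA) on user objects.
# /I:S makes the ACE apply to descendant objects, so users in "suborg" and
# its child OUs are covered and users elsewhere in the directory are not.
dsacls $ouDn /I:S /G "${principal}:CA;Reset Password;user"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# Well-known schema GUIDs used to recognise the relevant ACEs.
$resetPwdRight = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # User-Force-Change-Password
$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Audit: list every principal allowed to reset passwords through this OU's ACL.
# An ExtendedRight ACE with an empty ObjectType means "all extended rights",
# which also includes Reset Password, so it is reported as well.
$acl = Get-Acl -Path "AD:\$ouDn"
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $extendedRight) -and
        ($_.ObjectType -eq $resetPwdRight -or $_.ObjectType -eq [guid]::Empty)
    } |
    Select-Object IdentityReference, IsInherited, InheritanceType,
                  ObjectType, InheritedObjectType |
    Format-Table -AutoSize
```

The audit output should show “permis01” with a non-inherited entry on “suborg”; any other principals listed are additional accounts that can reset passwords there and are worth reviewing.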

What happens:

+ If you change the password for an AD user belonging to “suborg” or its children, no error is thrown.

+ If you change the password for an AD user not belonging to “suborg” or its children, e.g. the AD user “permis02”, you will receive the error:

[Image: error message]

and the detailed error in the LDAPWS error trace: [Image: LDAPWS error trace]