To reset passwords and unlock user accounts in Active Directory, users must have the following permissions:
In this tutorial, you will learn how to add the permissions to an existing Security Role.
Launch Adaxes Administration Console.
Expand Adaxes service \ Configuration \ Security Roles and select the Security Role you want to modify.
In the Permissions section located to the right, click Add.
In the Add Permissions dialog, do the following:
In the Property-specific permissions list, check the Write Lockout-Time permission in the Allow column.
Click Save changes.
If the Reset Password operation is configured in such a way that users can change only the User must change password at next logon option, the Reset Password permission is enough and no additional rights are required.
However, if you want users to be able to change the User cannot change password and Password never expires options as well, you need to grant them additional rights.
For details, see Grant Rights to Modify Account Options.