A question haunted me for a while and I wanted to have an answer to : "How can I determine if an arbitrary user has the right to reset someone else password ?".

Initial research

Firstly, I tracked the kinds of rights available for an Active Directory object. I checked it for a user.