I've used the "Delegate Control" wizard on my root domain object to attempt to assign password reset permissions. However it seems no combination of delegation permissions seems to work. Even if I delegate Full Control to my LDAP bind user, the error coming back from moodle when the user attempts to change their password is:
Error code: errorpasswordupdate
- line 476 of /lib/setuplib.php: moodle_exception thrown
- line 110 of /login/change_password.php: call to print_error()
Only when I add my bind user to domain admins does it function properly. I realize this is more AD related than moodle, but I'm hoping somewhere here has had a similar experience and can help.
Have you checked the user is listed in the security properties (should show up as having "special permissions") for the domain and on the relevant OU's?