I'm trying to make a password reset workflow and find that I get the same "General access denied error" Active Directory error when I'm trying to use the "Reset User Password" component. I'm pretty sure this is boiling down to a permissions/rights issue where the WF components are trying to write to more fields than my service account has permissions for. The service account I'm using does have reset password permissions, but apparently this is not enough for the "Reset User Password" component too. Our environment is on super-duper security lockdown, so the service account I'm using only has write permissions in AD for the 4 custom attributes and reset password permission. Unfortunately I can't admin AD myself and must go through our Networking department to get permissions adjusted on the service account I'm using after two different approvals are granted. This makes being able to test this myself impossible.
So, does anyone know what the minimum AD permissions are for a service account to successfully use the "Update User" and "Reset User Password" AD Workflow components?