From LedHed's Wiki
Revision as of 23:41, 9 November 2017 by Ledhed (Talk | contribs)


Overview

Active Directory objects and their attributes have permissions just like files on a file server. You can assign permissions to non-admin accounts so they can perform certain tasks. A common use case for this is a Help Desk. Often the Help Desk will need the ability to reset a user's password, or unlock an account that was locked because of too many failed logon attempts.


Delegate Control

Microsoft has created a wizard for setting AD permissions as described above. This wizard is called 'Delegate Control' and it can be accessed by right-clicking an object (such as an OU) within Active Directory Users and Computers (ADUC for short).


Password Reset

In order to allow another user to perform a password reset you need to set the following permissions:
Type: Allow
Applies To: Descendant User Objects
Permissions: Reset password

Optionally if you want to allow the user to set 'Require password change at next logon' set these permissions as well:
Type: Allow
Applies To: Descendant User Objects
Properties: Read pwdLastSet
Properties: Write pwdLastSet


Unlock Account

In order to allow another user to unlock an account set the following permissions:
Type: Allow
Applies To: Descendant User Objects
Properties: Read lockoutTime
Properties: Write lockoutTime
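The same three delegations (Reset password, Read/Write pwdLastSet, Read/Write lockoutTime) scripted with the ActiveDirectory module instead of the wizard, followed by a read-back of the resulting ACEs so you can confirm exactly what was granted. This is an added example, not from the wiki page; the OU distinguished name and the EXAMPLE\HelpDesk group are placeholders, the schema GUIDs are the well-known ones from the AD schema.

```powershell
# Added example: delegate Help Desk password-reset and unlock rights on one OU,
# then audit the ACEs that were written. OU and group names are placeholders.
Import-Module ActiveDirectory

$OuDn        = 'OU=Staff,DC=example,DC=com'                                          # placeholder OU
$Delegate    = New-Object System.Security.Principal.NTAccount('EXAMPLE', 'HelpDesk')  # placeholder group
$DelegateSid = $Delegate.Translate([System.Security.Principal.SecurityIdentifier])

# Well-known schema GUIDs (identical in every AD forest)
$UserClass     = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # user object class
$ResetPwdRight = [Guid]'00299570-246d-11d0-a768-00aa006e0529'  # "Reset Password" extended right
$PwdLastSet    = [Guid]'bf967a0a-0de6-11d0-a285-00aa003049e2'  # pwdLastSet attribute
$LockoutTime   = [Guid]'28630ebf-41d5-11d1-a9c1-0000f80367c1'  # lockoutTime attribute

# "Applies To: Descendant User Objects" = Descendents inheritance limited to the user class
$Descendants = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$Allow       = [System.Security.AccessControl.AccessControlType]::Allow
$ReadWrite   = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty -bor
               [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

$acl = Get-Acl -Path "AD:\$OuDn"

# 1. Password Reset: the "Reset password" extended right (not "Change password")
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $DelegateSid, [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    $Allow, $ResetPwdRight, $Descendants, $UserClass)))

# 2. Optional: Read + Write pwdLastSet so 'Require password change at next logon' can be set
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $DelegateSid, $ReadWrite, $Allow, $PwdLastSet, $Descendants, $UserClass)))

# 3. Unlock Account: Read + Write lockoutTime
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $DelegateSid, $ReadWrite, $Allow, $LockoutTime, $Descendants, $UserClass)))

Set-Acl -Path "AD:\$OuDn" -AclObject $acl

# Audit: list only the explicit (non-inherited) ACEs granted to the delegate on this OU.
# Anything beyond the three entries above means the delegation is wider than intended.
(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Delegate.Value -and -not $_.IsInherited } |
    Select-Object ActiveDirectoryRights, AccessControlType, ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize
```

Run it as an account that can modify the OU's security descriptor; the final table should show exactly one ExtendedRight entry and two ReadProperty, WriteProperty entries, each with InheritedObjectType equal to the user class GUID.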


Reference

https://technet.microsoft.com/en-us/library/cc754542(v=ws.11).aspx

https://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated-permissions.aspx