Monday, 5 February 2018

PowerShell + DSACLS reset password

I used DSACLS inside PowerShell (I used PowerShell V4).
I read in this blog post, https://vbzine.wordpress.com/2011/05/14/dsacls-command-to-grant-domain-groups-password-reset-and-unlock-account-rights-to-specific-org-unit-ou/#comment-768,
how to grant reset password rights on a specific OU using DSACLS, but the syntax there is wrong: the Write Property and Read Property flags (WP and RP) are case-sensitive and must be capitalized, and the last quote needs to be placed after the ;user and not before. Here is the correct syntax:

dsacls "OU=TeamA,dc=SWUG,dc=com,dc=sg" /I:S /G "swug\groupA:CA;Reset Password;user"
dsacls "OU=TeamA,dc=SWUG,dc=com,dc=sg" /I:S /G "swug\groupA:RPWP;PwdlastSet;user"
dsacls "OU=TeamA,dc=SWUG,dc=com,dc=sg" /I:S /G "swug\groupA:RPWP;lockoutTime;user"
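
Added example, not part of the original post: the same three grants run from a PowerShell loop, followed by an audit that lists every trustee holding those rights on the OU so the delegation can be reviewed. It assumes RSAT is installed (dsacls.exe and the ActiveDirectory module), that dsacls returns a non-zero exit code on failure, and the default AD schema GUIDs for the three rights.

```powershell
# Added example: apply the grants from the post, then audit the OU's ACL.
# Assumption: RSAT provides dsacls.exe and the ActiveDirectory module (AD: drive).
Import-Module ActiveDirectory

$ou    = 'OU=TeamA,dc=SWUG,dc=com,dc=sg'   # OU used in the post
$group = 'swug\groupA'                      # group used in the post

# permission;right-or-property;inherited object type, exactly as in the post
$grants = 'CA;Reset Password;user',
          'RPWP;PwdlastSet;user',
          'RPWP;lockoutTime;user'

foreach ($grant in $grants) {
    # ${group} is required: "$group:" would be parsed as a scoped variable.
    # The whole trustee:permission string is a single quoted argument, so the
    # ';' characters are never seen by PowerShell as statement separators.
    $ace = "${group}:$grant"
    & dsacls.exe $ou /I:S /G $ace | Out-Null
    # Assumption: dsacls signals failure through a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed for '$ace' (exit code $LASTEXITCODE)"
    }
}

# Default schema GUIDs of the extended right and the two attributes granted above.
$guidNames = @{
    '00299570-246d-11d0-a768-00aa006e0529' = 'Reset Password (extended right)'
    'bf967a0a-0de6-11d0-a285-00aa003049e2' = 'pwdLastSet'
    '28630ebf-41d5-11d1-a9c1-0000f80367c1' = 'lockoutTime'
}

# List every ACE on the OU that refers to one of those rights, for any trustee,
# so unexpected delegations show up next to the one that was just granted.
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $guidNames.ContainsKey($_.ObjectType.ToString()) } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited,
        @{ Name = 'Target'; Expression = { $guidNames[$_.ObjectType.ToString()] } } |
    Sort-Object Target, IdentityReference |
    Format-Table -AutoSize
```

Any trustee in the output other than the intended group can reset passwords or unlock accounts for users under this OU and is worth reviewing.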