1) Open Active Directory Users and Computers console
2) Select Properties for the target Organizational Unit where you want to delegate permissions;
3) Select Security tab and then click Advanced
4) Add user to which you want to delegate permissions and select to apply to "Descendant User objects":
5) Select permissions Read lockoutTime and Write lockoutTime:
And that's it!