utility native to OS X for administering AD accounts (without "magic triangle")

EDIT: So far I have explored

1. Centrify Suite (Spoke with a rep who didnt believe they offered a solution for this)
2. Thursby ADmitMac (I have seen evidence that a tool exsists, but I'm failing to find a way to obtain/purchase, or verify that it is still current/operational with said environment)
3. Apache Directory Studio (among other LDAP browsers)
   • I admit ignorance in how LDAP/AD accounts work, but I dont believe the user account password can be reset from this method anyways? I do find the accounts via filtering search sAMAccountType=805306368 though.

EDIT:This machine is in the correct container in the AD tree. A solution not requiring a local VM would be ideal.

This is in a Server 2003 Environment. The the account has Domain/Enterprise Admin permissions. I am trying to come up with a way to administer AD accounts (reset pw's, flag for pw change etc.) without having to RDP to a Windows box to utilize the Admin Pack.

For background information, the client machine I would like to run this from is running OS X 10.6 and is properly bound to the domain and single sign on works perfectly - I have tried (out of desperation) to use Workgroup Manager for this purpose. Workgroup manager will retrieve the account's and they can be viewed, but it will not allow you to attempt to authenticate (the lock in the upper right hand corner is grayed out). Additionally, when attempting to make any changes, permission is denied.

There is no Open Directory server, and making real schema changes is probably out of the question due to the hoops I'd have to jump through in order to make it happen.

Is there a native OS X utility to assist with this? Is there an Open Source project that can facilitate this, that I can run on an intranet web server?

I'm positive this comes down to an inadequacy in knowledge of the integration specifics, but I'm having a hard time figuring out/finding a cut and dry answer to this.

Thank you in advance...