Web-Based NT User/Group/Permissions Administration??? (IIS)

[Dan LeGate]

I want to set up a web page for our department where the person who is
currently in charge of maintaining and updating user accounts on our
mainframe, can easily add/delete/modify users on our Windows NT 4.0
machine running IIS 4.

I want to have control over more than just User/Group/Permissions too.
I'd like to also allow her the option to manually set or generate a
random password for a new user. I'd like her to be able to set
password expiration parameters too.

What methods have been used to accomplish this most successfully? I'd
like to use Cold Fusion, if possible, since that's what I'm most
familiar with, but will consider ASP or some other approach if that's
the only way it can be done.

I need to have our web pages authenticate with NT security, so it
cannot be based on simple entries into a SQL database (although I'll
be doing that too, to extend the security beyond NT's scheme). I need
this system to actually modify the NT user database directly.

I'd like to have drop-down lists for Groups and Permissions; text
fields for username; password field for password, with an
"Auto-Generate" checkbox; Password Expiration ability with an option
to allow the users to change their own password via the web.

Is this possible? Is anyone out there implementing a similar scheme?

Any help or information is greatly appreciated.

Thanks,

Dan

PS - if replying publicly, can you also CC a copy to my email address?
And vice versa: if replying privately, please CC a copy publicly so
all can benefit from your responses. Thanks!