User allowed to read other users passwords

Hello,
is there and if yes which way to configure a user which is able to read other users passwords? This user should not belong to group “Domain Admins” but should be able to read userPassword and sambaNTPassword.
Thanks!