Administration Model

Authorized users perform administration in Active Directory Domain Services. A user is authorized by a higher authority to perform a specified set of actions on a specified set of objects and object classes in some identified subtree of the directory. This is called delegated administration. Delegated administration allows very fine-grained control over who can do what and enables delegation of authority without granting elevated privileges.
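The following is an added example, not part of the original page or Microsoft's own code. It expresses one delegation as a single access control entry (who: a help desk group; action: Reset Password; object class: user; subtree: one OU) and then lists the OU's explicit entries so the delegation can be reviewed. The OU distinguished name and the group name are placeholders, and the ActiveDirectory PowerShell module is assumed to be installed.

```powershell
# Added example. $ouDn and $groupName are placeholder values (assumptions).
Import-Module ActiveDirectory

$ouDn      = 'OU=Sales,DC=example,DC=com'   # the identified subtree
$groupName = 'HelpDesk-Sales'               # the users being authorized

# Well-known directory GUIDs.
$resetPassword = [Guid]'00299570-246d-11d0-a768-00aa006e0529'  # extended right: Reset Password
$userClass     = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # object class: user

$sid = (Get-ADGroup -Identity $groupName).SID

# One ACE = one delegated action on one object class within one subtree.
$ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,   # the action
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPassword,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,  # objects below the OU
    $userClass)                                                        # applies to user objects only

$path = "AD:\$ouDn"
$acl  = Get-Acl -Path $path
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl

# Review: list the entries set directly on this OU (not inherited from above),
# which is where delegations scoped to this subtree appear.
(Get-Acl -Path $path).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights,
                  ObjectType, InheritanceType, InheritedObjectType |
    Format-Table -AutoSize
```

The group can reset passwords for user objects under the OU and nothing else; it gains no rights on other object classes or on objects outside that subtree.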