 AD 05 - Creating new groups to deploy OU delegations control and downloading the RSAT tools.  Diagram

Tutorial Overview
A great part of network administration involves management of users, computers, and groups. A successful operating system must ensure that only properly authenticated users and computers can logon to the network and that each network resource is available only to authorized users. In the Microsoft® Windows® 2008 operating system, the Active Directory™ service plays several major roles in providing security. Among these roles are the efficient and effective management of user logon authentication and user authorization. Both are central features of the Windows 2008 security subsystem and both are fully integrated with Active Directory.

Delegation of control is the ability to assign the responsibility of managing Active Directory objects to another user, group, or organization. By delegating control, the need for multiple administrative accounts that have broad authority can be eliminated. Delegated administration in Active Directory helps ease the administrative burden of managing a network by distributing routine administrative tasks to multiple users. Basic delegated rights can be given to normal users, like create a user account or group account etc.

When you look at how you want to administer objects within your Active Directory design, you will want to look at delegation of administration. This powerful feature allows you to offload administration of common tasks that should really be done by the owners of the content, such as resetting passwords and modifying group membership. By using the Delegation Control wizard, you can take advantage of some of the most common tasks provided to you by Microsoft