I am running Server 2008 R2 in an Active Directory Domain Environment.
I have created a group in Active Directory and I have delegated management authority to that group to a user.
I want this user to be able to add and remove accounts as needed from that group so that they are exercising some measure of control without giving them other authority.
When I have the user attempt to access the Active Directory Users & Computers Console it prompts them for Administrator credentials. They are using Remote Desktop to access the server, because they do not have Windows 7, and firewall rules prevent using the Remote Management Kit.
I do not want to provide them with any level of Administrative rights except the minimum required for them to add/remove users from this group.
There are two servers that 'talk' to each other in this isolated environment, a domain controller and a member server; both are only reachable through RDP.
© Server Fault or respective owner