Herb Martin said:
The specific things you mention are easy to do in
AD Users/Computers by using the Delegation of
Control Wizard (right-click on an object, probably
an OU, and it's the top entry.)
Well what Martin says is pretty true..
Just start AD users and computers with Domain Admin account ( or any other
account which has authority to delegate control) then Right click on the OU (
on which you want to delegate control), and then see the options, they are
pretty straight forward...
but if you want to give the permission of ENABLE/DISABLE account, then you
need to dig into a lil further.. you need to go into CUSTOM TASK permissons
and then select USER OBJECT (from only these specific object) and then
select WRITE USERACCOUNTCONTROL.... this will give the permission to ENBALE
or DISABLE..
Cheers,.