Create/administer AD accounts is "Account Operator"
Exchange Accounts is "Exchange Administrator". Remote Desktop is going to depend on how you have configured GP - you can set it anything you want. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange From: David Lum [mailto:[EMAIL PROTECTED] Sent: Friday, September 19, 2008 5:36 PM To: NT System Admin Issues Subject: Step-by-step for removing domain admins & delegating I have some users I need to pull out of being Domain Administrators, but they still need to be able to create / administer AD and Exchange accounts, remote desktop to the PC's, blah blah blah. While I can always iteratively step through these, has anyone done the same king of thing and have a guideline I can look at before I run through everything step by step? Granted , all environments are different, but if I can get some of the basics covered. I need to come up with documentation and get approval before actually making the change. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
