If you work as an IT administrator, you probably have come across this quite often. You want to give a user permission to add a computer to a domain, but not give them domain admin rights or the like.

This is quite a simple task to do in Windows Server 2008 R2 using delegation of control.

Here’s how you do it:

1. Open “Active Directory Users & Computers”

2. Right click the desired domain and select “Delegate Control”

3. Press NEXT on the first screen

4. Press “Add”

5. Find the desired user

6. Press OK and then press NEXT

7. Select “Join a computer to a domain”

8. Press NEXT and then FINISH