The Best Practices for Delegating Active Directory Administration page begins with:
Managing a distributed Active Directory environment requires dividing administrative responsibility among trusted data and service administrators and implementing administrative roles and access control to support secure and efficient delegation of administration.
OverviewActive Directory provides an enterprise-ready, scalable, distributed directory service that allows organizations to centrally manage and share information about network resources and users, and is the central focus for network security. Active Directory thus plays a major role in accomplishing the business goals of your organization, and your ability to successfully manage Active Directory has a direct bearing on your ability to accomplish these goals.
Delegation of administration, a key capability of Active Directory, provides a means to successfully manage an Active Directory environment. This document discusses in depth the issues involved in delegating administrative responsibilities, and can help you plan for and implement an administrative delegation model for more securely and efficiently managing Active Directory.