In the course of administering Active Directory, there are basically two types of people when it comes to utilizing the delegated control capabilities: People who use it a lot, and people who don’t use it at all. In my previous Windows Server tip, I explained that it is a good idea to put Active Directory accounts into holding patterns with dsquery. When the time comes and you need to start deleting accounts in Active Directory, delegated control is a great way to make that happen. Delegation within Active Directory allows one or more tasks or actions to be permitted with rules set by administrators.
A good example of using delegation is giving the PC support team the ability to delete computer accounts within Active Directory to go with the day-to-day tasks of administering client computing devices. This logic can be applied to virtually everything in Active Directory, and it is relatively easy to set up.