The user who creates the object is by default the owner and administrator of the object. He can delegate administrative rights to another user for ease of management. Administrative rights can be delegated by using the delegation control wizard in Active Directory.
To delegate control of a container object in Active Directory:
- Expand the ADUC console tree
- Then right click on the container object over which you would like to delegate the control.
- A submenu pops out, from that choose the option Delegate control.
- The delegation control wizard appears , now navigate through its various pages and fill in the information like name of the user or group to whom you would like to delegate control , what kind of rights you want to delegate and so on
People also read
Active Directory Object permissions: Step-by-Step guide to managing permissions using GPOs, ADUC, and PowerShell
Creating objects in Active Directory