I run a Windows 2003 server in a small enterprise with about 40 users. I onlyt have one IT technician. I want him to be able to perform some task and not the others.
Specifically I want him to be able to:
Manage AD to add and edit users.
Perform back ups.
I do not want him to be able to change the DHCP and DNS settings.
Please recommend how best to assign him privilege. I tried put him in Domain admin group, but that just gives him all the privilege. I want something more limited.