So we're consolidating a slew of W2K and WNT domains into one gigantic one... and placing their respective standalone domains into OUs so...
We can delegate permissions to the OUs for AD management like a prior admin of W2K_2 domain to the now W2K_2_OU, but what of things like software installation? Say they have member servers in their new OU, what is the most efficient ways to give them control over their own servers?
I'm going through:
... and subsequently: Restricted Groups Group Policy:
But can't make sense of it. Probably because it's the end of the day. Suggestions?