I am trying to figure out a way to lock a user down to his location only.
I want this user to only have full ability to manage his servers and his users which are kept in a separate OU.
I want to take him out of the Domain Admins groups and put him into a less powerful group so he cannot touch the infrastructure, but I want him to have the ability to manage his servers and join computers to the domain.
I have looked into Delegation, but do not see anything in there about allowing him access to his servers or to join computers to the domain.
Please let me know your thoughts.