We have 20 Sites globally, 100 Servers (ALL Win 2003) Approx. 3000 Desktop users split between global sites. To manage this we have a service desk tier 1/2/3 and on each site with have what we call low grade administrators (Hands & feet, general daily admin duties etc. etc.) my issue is sorting and an AD Account for these site administrators that allows them to conduct daily duties. In the past Domain Admin rights have been given out all over the place - this has led to serious issues. Can anyone suggest a good solid format for managing this?