I am running Windows 2003 R2 SP2 AD. I have delegated admin task to a group and to a specific user to create/delete/change group membership.
There are few users/groups where the delegation did not took in effect because that user/groups are part domain admins, schema admins, enterprise admin, built administrator groups which is fine and I understand this.
If I check a User A's security tab I don't see delegated user id in it then the delegated user wont be able to delete User A.
Is there a way where I can scan the whole AD users/groups to find out which users/groups are missing delegated ID.