I am currently the administrator for a 100 employee busineess runnig strictly Windows platform: Exchange, SQL, Server 2003/08 and WIndows XP/7.
Right now I have full admin rights and the remainder of the staff have standard user rights.
I plan on hiring a jr support tech, and I want to give him some elevated privilages, which I have never done. Is there a best practice on this, or basic steps. I want him to be able to add/remove computers to the domain, add/modify users to Active Directory, but I of course dont want to give him the administrator password.