Active Directory Lockdown to specific OUs via remote desktop?


I am starting to understand the delegation wizard in AD 2008, so that's fine, but what I need help with is what would be the best practice to do the following:

Allow a security group to remote desktop to a Win2008 server that has access to AD but will only show specific Organisational Units, then lock down the server so this is all that the users can do.

E.g. remote connect to server1, then have AD/MMC load up that shows 2 OUs instead of the whole AD structure.

Any advice would be great as I am unsure where to start with this.

Krzysztof Pytko Senior Active Directory Engineer
