I have Admin in various location I would like to remove them from Domain Admins group
and create a group per location.
I have created an OU for each location and I want them to have full Admin right on USERS and COMPUTERS of their OU.
What is the Best Practice to obtain what I want?
Location A has OU call A-Unit
I will create a new group call A-Admins
I want A-Admin to have full Admin Right on Users and computers of A-Unit ( should be able to join machine to domain, install software and drivers on users machine, create account, reset password, delete users, create group, delete group...)
Location B has OU call B-Unit
I will create a new group call A-Admins..same thing..