Active Directory What Rights does a User need to create users in AD
We run AD 2008 R2. I thought only Domain admins had any access rights to pull up ADUC or create and delete users. We have a user not apart of our Domain admins group but he was able to access ADCU and create a new user. Any ideas how I can find out if hes been delegated access for his OU or what rights groups hes part of that could grant him these permissions?