Create a limited AD account for administering Active Directory and Exchange?

hi guys,

We're on a domain environment. Our Exchange is on 2010 Sp2 sitting on a Windows 2008 R2 server. Our AD server is on a separate Windows 2008 R2 server.

I would like to set up an administrator who can log  on to these servers and do the following:

1. Create, modify, delete AD accounts.
2. Reset user passwords and force password change at next logon
3. Unlock accounts.
4. Set up, modify and delete Exchange mailboxes.

I know that in AD, I can set up a new OU and then right click and select 'Delegate Control'. However, my main issue is setting something like the above up to have access to do administration of mailboxes on Exchange also (i.e. setting up and deleting of users/mailboxes).

Any ideas on how to do this please?

Thanks
Yashy