I have set up a limited administrator account, whom I only want to be able to access AD and setup/modify/change passwords/delete users. I wanted them to be able to setup mailboxes on Exchange and remove them also. But that is all I wanted them to be able to do. I tried, but sadly the user is unable to delete users.
So firstly, how do I do it so that this user is only able to delete users who are in a particular OU with users in there already, but NOT any other users in other OU's?
I have set up someone already and when I right click on that user and select the 'Security' tab and go to Advanced and select 'Edit', there are a load of permissions in there. In the sections where it says 'Apply To', you have a dropdown and then you have a load of permissions below that!! Where can I find what all of this means and what they do?
Also, in the security tab of the user properties, does the name 'SELF' refer to the permissions this particular user has? Attached is a photo of what I mean.