I need to set up a help desk guy that works for me as a junior admin.
What I need to know is what are the best practices to do this, specifically:
What groups should he be part of?
How to set him up with MMC tool running in his computer so that he only gets access to the domain users and computers snap in?
He must be able to add users, unlock accounts, manage remote desktops, etc.