I am in the process of streamlining permissions for our support team. I wan to take away domain admins access from this user group.
What permission should I grant this helpdesk group?
I would like this group to be able to join computers to the domain, add/delete new users in AD, etc.
I have a few steps in mind but I just want to get some feedback on this item.