Points of My Scenario:
1. I am admin of a Windows Server 2008 R2 domain
2. I need to enable select users to replicate Active Directory changes using dssite.msc (AD Sites and Services snap-in)- without placing them in the Domain Admins or Enterprise Admins groups.
3. I want to create a group, then use Delegation of Control Wizard or an appropriate Active Directory object's ACL to enable this custom group to have the access mentioned in point 2.
QUESTION: What is the best way to grant a custom group the permissions to use dssite.msc (Active Directory Sites and Services) to manually manage replication?