You want to delegate control over objects in Active Directory to a user or group.
Open the Active Directory Users and Computers or Active Directory Sites and Services snap-in depending on the type of object you want to delegate.
In the left pane, browse to the object you want to delegate control on.
Right-click on the object and select Delegate Control. Only certain objects support the Delegation of Control Wizard, so this option will not show up for every type of object.
Click the Add button and use the Object Picker to select the users or groups you want to delegate control to.
If the task you want to delegate is an option under Delegate the following common tasks, check it and click Next. If the task is not present, select Create a custom task to delegate and click Next. If you selected the latter option, you will need to go perform two additional steps:
Select the object type you want to delegate.
Select the permissions you want to delegate.
The Delegation of Control Wizard is Microsoft's attempt to ease the pain of trying to set permissions for common tasks. Because Active Directory permissions are so granular, they can also be cumbersome to configure. The Delegation of Control Wizard helps in this regard, but it is limited. The default tasks that can be delegated are fairly minimal, although you can add more tasks as described in Recipe 14.6. Another limitation is that you can only add new permissions; you cannot undo or remove permissions that you set with the wizard. To do that, you have to use the ACL Editor directly as described in Recipe 14.10.
Recipe 14.6 for customizing the Delegation of Control wizard