====== Delegate user to join computers to AD ======
Delegate rights using Active Directory Users and Computers:
  - Open the **Active Directory Users and Computers** snap-in.
  - Right-click the container under which you want the computers added, and press **Delegate Control**.
  - Press **Next**.
  - Press **Add**.
  - After adding all the users and/or groups, press **Next**.
  - Select **Create custom task to delegate** and press **Next**.
  - Select **Only the following objects in the folder**, check **Computer objects**, check the **Create selected objects in this folder** box, and press **Next**.
  - Check the **Create all child object** box and press **Next**.
  - Press **Finish**.



  - Click **Start**, click **Run**, type **dsa.msc**, and then click **OK**.
  - In the task pane, expand the domain node.
  - Locate and right-click the OU that you want to modify, and then click **Delegate Control**.
  - In the Delegation of Control Wizard, click **Next**.
  - Click Add to add a specific user or a specific group to the **Selected users and groups** list, and then click **Next**.
  - In the **Tasks to Delegate** page, click **Create a custom task to delegate**, and then click **Next**.
  - Click Only the following objects in the folder, and then from the list, click to select the Computer objects check box. Then, select the check boxes below the list, **Create selected objects in this folder** and **Delete selected objects in this folder**.
  - Click **Next**.
  - In the **Permissions** list, click to select the following check boxes:
      - **Reset Password**
      - **Read and write Account Restrictions**
      - **Validated write to DNS host name**
      - **Validated write to service principal name**
  - Click **Next**, and then click **Finish**.
  - Close the “Active Directory Users and Computers” MMC snap-in