AD DS Delegating Permissions

     By default, the Enterprise Admins, Domain Admins, Account Operators and Administrators Group permission to create computer objects in any new OU. However, as previously discussed, we I suggest you closely confined to the first three members of the group, and you do not add Administrators Account Operators group.

      Instead, you should delegate permissions to create computer objects (referred to as creating a computer Object) appropriate management personnel or technical support personnel. This privilege, which is assigned to the Groups want to delegate management to allow members of the group to create a computer object OU specified. For example, you can make your desktop support team to create a computer object Client OU, and make your file server administrator to create a computer object in the file server OU.

     Assign permissions to create a computer account, you can use the Delegation of Control Wizard Choose a custom task to delegate.
     When you are given permission to manage the computer account, you can consider giving Additional permits despite the need to create a computer account. For example, you can decide this allows administrators to assign management features existing computer account deleted Computer accounts, or move the computer account.