The option to delegate administrative permissions in Windows Server 2003 Active Directory provides a great deal of flexibility in how your domain can be administered. The delegation of administrative rights is based on the Active Directory security model, where every object and every attribute on every object has an ACL that controls what permissions security principals have to the object. According to the security model, all permissions are, by default, inherited from container objects to objects within the container. These two basic features of the security model mean that you can assign almost any level of permission to any Active Directory object. This flexibility can also mean a great deal of complexity if the security for Active ...