Administration of an RODC can be delegated at the time of installation through a feature called Administrator Role Separation (ARS). Delegation can be done to a user or group. This user has local administrative rights (not Domain Admin rights) to perform administration tasks on the RODC.
RODC delegation can be configured when the domain controller is being configured. Alternatively, delegating administration after installation is accomplished through Active Directory Users and Computers on the Managed By tab of the RODC’s Properties sheet, as shown in Figure 5-3.


FIGURE 5-3 The Managed By tab is used to delegate administration of an RODC.