Delegate permission to "Pre-create Read-only domain controller account"
772
Is it possible to delegate permission to "Pre-create Read-only domain controller account" (found on the context menu of the Domain Controllers' OU) to a non-domain admin account?
This manual states it's not possible to delegate this permission. It says "The first stage of the installation, which requires domain administrative credentials, creates an account for the RODC in AD DS.", thus you cannot use a non-administrative account to create a RODC account in the domain. You can, however, delegate the second part of the RODC installation:
On the Delegation of RODC Installation and Administration page, type the name of the user or the group who will attach the server to the RODC account that you are creating, as shown in the following figure. You can type the name of only one security principal.
This manual states it's not possible to delegate this permission. It says "The first stage of the installation, which requires domain administrative credentials, creates an account for the RODC in AD DS.", thus you cannot use a non-administrative account to create a RODC account in the domain. You can, however, delegate the second part of the RODC installation: