I have a group of users, lets call them DOMAIN\MyPowerUsers; I would like to give everyone in this group the abbility to create, edit, and delete users in the DOMAIN, and to modifiy group membership of users in the domain. Is this possible?
SnapOverflow
You need to Delegate Control to that group. In AD Users and Computers:
Right click on your domain DOMAIN.LOC
select
Delegate ControlNext
Click Add and select the group
Select the permissions you wish to give the users (in your case, Create, Delete, Manage User Accounts & Modify the Memberships of Groups)
Click Next
Click Finish
You can do this by delegating control. If you open ADUC and then right click on the level of your tree that you want to delegate control to them (Domain root, OU, etc) there will be an option to delegate control. Walk through the wizard and it will ask who you want to delegate control to, then what you want them to be able to do Under Common tasks radio button there is an option to "Create, Delete and Manage Users" as well as "Modify the membership of a group" This will get you where you want to be.