A. Windows Server 2008 introduced the Read-Only Domain Controller (RODC), which allows administrator role separation, so a user can be delegated management rights for an RODC without being given any Active Directory domain administrator privileges. These delegated administrators can not only manage the RODC, they can also promote a server to an RODC, as long as a standard domain admin has pre-provisioned the DC. Note that a user who's delegated management permissions on one RODC doesn't have privileges for other RODCs or DCs.
Users can be made delegated administrators during RODC account provisioning, or after creation by adding users or groups to the administrators group. You can add them from the command line using the command
If you want to do this on a remote RODC, use
connect to server
You can also run the command
show role administrators
to see who the delegated administrators are.
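To review this delegation across a domain, the following added example (not part of the original answer) lists each RODC with the principal recorded in its computer object's ManagedBy attribute, which is where the delegation chosen during RODC account provisioning is stored, and can optionally run the show role administrators query against each RODC. It assumes the ActiveDirectory PowerShell module and dsmgmt.exe are available on the admin workstation; the function name Get-RodcDelegatedAdmin is hypothetical.

```powershell
# Added example: report who holds delegated administration on each RODC.
# Assumes the ActiveDirectory module (RSAT) and dsmgmt.exe are installed.
Import-Module ActiveDirectory

function Get-RodcDelegatedAdmin {
    [CmdletBinding()]
    param(
        # Also ask each RODC for its local Administrators role via dsmgmt.
        [switch]$IncludeLocalRole
    )

    foreach ($dc in Get-ADDomainController -Filter { IsReadOnly -eq $true }) {
        # ManagedBy on the RODC computer object holds the user or group
        # delegated when the RODC account was provisioned.
        $computer = Get-ADComputer -Identity $dc.ComputerObjectDN -Properties ManagedBy
        $principal = $null
        if ($computer.ManagedBy) {
            $principal = Get-ADObject -Identity $computer.ManagedBy -Properties sAMAccountName
        }

        $localRole = $null
        if ($IncludeLocalRole) {
            # Non-interactive form of: local roles, connections,
            # connect to server <RODC>, quit, show role administrators.
            $localRole = & dsmgmt.exe 'local roles' 'connections' `
                "connect to server $($dc.HostName)" 'quit' `
                'show role administrators' 'quit' 'quit' 2>&1 | Out-String
        }

        [pscustomobject]@{
            Rodc          = $dc.HostName
            Site          = $dc.Site
            ManagedBy     = $principal.sAMAccountName
            # A single user here (rather than a group) is worth a second look:
            # the delegation follows that one account.
            PrincipalType = $principal.ObjectClass
            LocalRole     = $localRole
        }
    }
}

Get-RodcDelegatedAdmin | Format-Table Rodc, Site, ManagedBy, PrincipalType -AutoSize
```

An RODC with an empty ManagedBy column has no delegated administrator recorded in the directory; pass -IncludeLocalRole to also see what the RODC itself reports.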