A. Windows Server 2008 introduced the Read-Only Domain Controller (RODC), which allows administrator role separation—so a user can be delegated management rights for an RODC without giving them any Active Directory domain administrator privileges. These delegated administrators can not only manage the RODC, they can also promote a server to an RODC, as long as a standard domain admin has pre-provisioned the DC. Note that a user who's delegated management permissions on one RODC doesn't have privileges for other RODCs or DCs.

Users can be made delegated administrators during RODC account provisioning, or after creation by adding users or groups to the administrators group. You can add them from the command line by running dsmgmt.exe and entering the following commands at its prompts:

dsmgmt.exe
local roles
add <domain>\<user> administrators

If you want to do this on a remote RODC, use

dsmgmt.exe
connections
connect to server <RODC name>
quit
local roles
add <domain>\<user> administrators

From the local roles prompt, you can also run the command

show role administrators

to see who the delegated administrators are.