Although far from exhaustive, the tasks in Table 1 (in the main article) give you a good starting point. Your list will probably include additional administrative tasks, such as

  • adding or removing domain controllers (DCs)
  • backing up DCs
  • creating Group Policy Objects (GPOs)
  • administering domain security infrastructure (e.g., IP Security—IPSec—public key infrastructure—PKI—certificates)
  • managing DNS records
  • deploying, configuring, and supporting computers
  • using Remote Desktop for Administration to administer servers
  • creating network-shared folders
  • managing file and folder permissions
  • managing printer queues

To delegate these tasks, as well as many more like them, you use Group Policy settings, ACLs on specific resources (e.g., folders, DNS zones), or membership in the right group (e.g., membership in the Server Operators, Power Users, or Administrators group to create shares). Because you don't use Active Directory (AD) delegation to implement these tasks, they fall outside the scope of this article. However, you can still use the Task, Role, Scope methodology to analyze them. You simply need to use a technique other than AD delegation to implement the model.