Delegating Control of an OU
You want to delegate administrative access of an OU to allow a group of users to manage objects in the OU.
Using a graphical user interface
Using a command-line interface
Although you can delegate control of an OU to a particular user, it is almost universally a better practice to use a group instead. Even if there is only one user to delegate control to, you should create a group, add that user as a member, and use that group in the ACL. That way in the future when you have to replace that user with someone else, you can simply make sure the new person is in the correct group instead of modifying ACLs again. The Delegation of Control wizard is discussed further in Recipe 15.7.
Recipe 15.14 for changing the ACL on an object and Recipe 15.7