You are the primary system administrator for a large Active Directory domain. Recently, you have hired another system administrator upon whom you intend to offload some of your responsibilities. This system administrator will be responsible for handling help desk calls and for basic user account management. You want to allow the new employee to have permissions to reset passwords for all users within a specific OU. However, for security reasons, it's important that the user not be able to make permissions changes for objects within other OUs in the domain. Which of the following is the best way to do this?

A) Create a special administration account within the OU and grant it full permissions for all objects within Active Directory.
B) Move the user's login account into the OU that the new employee is to administer.
C) Move the user's login account to an OU that contains the OU (that is, the parent OU of the one that the new employee is to administer).
D) Use the Delegation of Control Wizard to assign the necessary permissions on the OU that the new employee is to administer.

As for the information provided, we know that when some work is to be delegated then, care has to be taken, that the work when delegated, will require delegation of responsibilities and the right to have access to some authorities to do such work.

Here the new administrator needs to have the authority to access the specific OU. And now, the administrator needs to delegate such rights for new password. Also, the administrator shall not access to passwords of other OU.

Accordingly for this, the company shall delegate with control wizard.