I'm looking to create an account similar to a Domain Admin, but without access to domain controllers. In other words, this account will have full Administrator rights to any client machine in the domain, be able to add machines to the domain, but have only limited user rights to the servers. (it will better if it will have no access to the server remote etc) This account will be used by a person in an end-user tech support kind of role. They should have full access to client machines for installing drivers, applications, etc... but I don't want them on the servers. Could you help me please ?