What is Active Directory's role in delegating administration in Windows?

Active Directory is the foundation of identity and access management in a Windows Server based IT infrastructure, because all vital IT components are stored, protected and managed in Active Directory –

1. User Accounts - used to identify and authenticate users and allow authorized and auditable access.
2. Computer Accounts - used by users to create, store and collaborate in computing activities.
3. Security Groups - used to provision and facilitate authorized access to information assets.
4. Group Policies - used to specify, control and protect organizational computers.
5. Domain Policies - used to protect vital user accounts and passwords.

These components are all stored and protected by Active Directory's security model, and responsibilities for all aspects of IT management related to managing user accounts, security groups, organizational computers and their security policies, helpdesk operations, etc. are all delegated in Active Directory.