The steps are:
- Open Active Directory Users and Computers.
- Right-click the OU (or domain) you want to delegate Contact administration for and then click Delegate Control.
- Click Next.
- Add the users or groups that you want to delegate control to and click Next.
- Click Create a custom task to delegate and then click Next.
- Click Only the following objects in this folder and select the Contact objects checkbox from the list.
- Select the Create selected objects in this folder and Delete selected objects in this folder checkboxes and then click Next.
- In the permissions list, select the Full Control checkbox and then click Next.
- Click Finish.
That should give the user or group permissions to manage and create only contacts for the OU or domain that was selected. By default, these permissions will flow down and be inherited by lower OUs.
The user will then use AD Users and Computers to create the contact objects. If you want to get fancy, you can create a custom view for the user to limit what they actually see. The version of AD Users and Computers that is used by the user will need to be updated with the Exchange 2003 management bits by installing the Exchange 2003 admin tools otherwise, it can’t mail enable the contacts.