Enterprise Admins group is a group that appears only in the forest root domain controller and members of this group have full administrative control on all domains that are in your forest.

Domain Admins group is a group that is present in each domain. Members of this group have a full administrative control on the domain.

Administrators group is one of the default local groups, memebers of this group have full control of the computer,and they can assign user rights and access permissions to users as necessary.The administrator account is a default member of this group. When a computer is joined to a domain, the Domain Admins group is added to this group automatically. Because this group has full controll of the computer,use caution when you add users to it.(from Windows Help)

     Enterprise Administration

    Administering the AD Schema (Schema Admins is technically the only thing     required...)
    Creating Certificate Authority (Root and Issuing)
    Managing Certificate Templates (Default or otherwise)
    DHCP Authorization
    Forest trust relationships
    Forest Preparation and Functional Level management
    Global Sites and Services Management and administration (for all domains)
    Creation of Sites & Site-Links
    Creation of IP Subnets
    Terminal Services Licensing
    Creation and Destruction of Domains
    FSMO Role Seizure (Domain Naming, Schema)
    [Schema only needs schema admins...]
    Global Domain Controller Replication Management
    Global Domain Management
    Global Group Policy Management
    Global Administrative Control for All Domain users and computers
    Take ownership of all forest and domain resources

    Domain Administration

  1. **CAUTION** - By default, Domain Admins in the Root Domain can make themselves Enterprise Admins
    Domain / DC Group Policy Management
    Domain user and computer administration
    Delegation of rights within Domain
    FSMO Role Seizure (RID, PDC, Infrastructure)
    Domain Controller Installation (DCPROMO)
    Domain Controller Recovery (DRM)
    Domain Controller Replication Management
    Sites and Services Management for Domain level Controllers (Replication & Global Catalog)
    Enterprise Domain Services (SCOM, SCCM) (System Container Modification)
    Creation of Organizational Units and other AD objects in Domain
    Domain Preparation and Function Level Management
    Creation of domain level DFS Namespaces

        

        Administrators

    Access this computer from the network

      Adjust memory quotas for a process

      Allow logon locally

      Allow logon through Remote Desktop Services

      Back up files and directories

      Bypass traverse checking

      Change the system time

      Change the time zone

      Create a page file

      Create global objects

      Create symbolic links

      Debug programs

      Force shutdown from a remote system

      Impersonate a client after authentication

      Increase scheduling priority

      Load and unload device drivers

      Log on as a batch job

      Manage auditing and security log

      Modify fireware environment variables

      Perform volume maintenance tasks

      Profile single process

      Remove computer from docking station

      Restore files and directories

      Shut down the system

      Take ownership of files or other objects