Enterprise Admins group is a group that appears only in the forest root domain controller and members of this group have full administrative control on all domains that are in your forest.
Domain Admins group is a group that is present in each domain. Members of this group have a full administrative control on the domain.
Enterprise Administration
Administering the AD Schema (Schema Admins is technically the only thing required...)
Creating Certificate Authority (Root and Issuing)
Managing Certificate Templates (Default or otherwise)
DHCP Authorization
Forest trust relationships
Forest Preparation and Functional Level management
Global Sites and Services Management and administration (for all domains)
Creation of Sites & Site-Links
Creation of IP Subnets
Terminal Services Licensing
Creation and Destruction of Domains
FSMO Role Seizure (Domain Naming, Schema)
[Schema only needs schema admins...]
Global Domain Controller Replication Management
Global Domain Management
Global Group Policy Management
Global Administrative Control for All Domain users and computers
Take ownership of all forest and domain resources
Domain Administration
- **CAUTION** - By default, Domain Admins in the Root Domain can make themselves Enterprise Admins
Domain / DC Group Policy Management
Domain user and computer administration
Delegation of rights within Domain
FSMO Role Seizure (RID, PDC, Infrastructure)
Domain Controller Installation (DCPROMO)
Domain Controller Recovery (DRM)
Domain Controller Replication Management
Sites and Services Management for Domain level Controllers (Replication & Global Catalog)
Enterprise Domain Services (SCOM, SCCM) (System Container Modification)
Creation of Organizational Units and other AD objects in Domain
Domain Preparation and Function Level Management
Creation of domain level DFS Namespaces