You need to ensure that user named user1 can link and unlink Group Policy Objects(GPOs) to OU1

Your network contains an active directory domain named Contoso.com. The domain contains 100 user
accounts that reside in an organizational unit (OU)named OU1.
You need to ensure that user named user1 can link and unlink Group Policy Objects(GPOs) to OU1. The
solution must minimize the number of permissions assigned to user1.
What should you do?

A.
Run the Delegation of Control Wizard on the Policies containers

B.
Run the Set-GPPermissioncmdlet

C.
Run the Delegation of Control Wizard on OU1

D.
Modify the permission on the user1 account

Explanation:
A: Not minimum permissions
B: Grants a level of permissions to a security principal for one GPO or all the GPOs in a domain
C: Minimizes delegated permission to a single OU
D: Will not allow GPO changes to the OU
Delegation of Control Wizard
The following are common tasks that you can select to delegate control of them:
Create, delete, and manage user accounts
Reset user passwords and force password change at next logon Read all user information
Modify the membership of a group
Join a computer to a domain
Manage Group Policy links
Generate Resultant Set of Policy (Planning)
Generate Resultant Set of Policy (Logging)
Create, delete, and manage inetOrgPerson accounts
Reset inetOrgPerson passwords and force password change at next logon Read all inetOrgPerson information

http://technet.microsoft.com/en-us/library/dd145442.aspx http://technet.microsoft.com/en-us/library/ee461038.
aspx http://technet.microsoft.com/en-us/library/cc732524.aspx