You delegate control to one or more OUs in your AD and now you are not sure how to track or revoke rights you gave to some parts of AD, here is how to do it.
This tutorial covers Windows Server 2012 R2 and Windows 10 Pro
By default if you open Active Directory Users and Computers and right click on some of the OUs and select properties you will get following
Lets go and click on View tab on the top of the Active Directory Users and Computers screen and select
Advanced Features
After that if you right click on the some of the OUs in your AD and select Properties you will get following
If you click on Security tab you will get Permissions for that OU. You can manage them as you would on the File System
Thats it.