How to grant administrative access to the Domain Controller for non-domain administrator user
First of all you have to deploy Read Only Domain Controller (RODC) to use Administrator Role Separation. Then you can use DSMGMT.exe util to grant any local permission to any domain user.
1. Start elevated command line tool cmd.
2. Type dsmgmt.exe
3. Then enter local roles
4. You can type list roles to see available local roles on this DC.
5. To add User1 to local administrators group type: add DOMAIN\User1 Administrators
After entering command you have to see next output: Successfully updated local role.
As result we will have domain user that will be able to manage selected Domain Controller without affecting Active Directory Domain Services. For example user can log on to the Domain controller, manage drivers, restart server etc. Managing AD will be denied.