Enterprise Admins group is a group that appears only in the forest root domain controller and members of this group have full administrative control on all domains that are in your forest.
Domain Admins group is a group that is present in each domain. Members of this group have a full administrative control on the domain.
Administrators group is one of the default local groups, memebers of this group have full control of the computer,and they can assign user rights and access permissions to users as necessary.The administrator account is a default member of this group. When a computer is joined to a domain, the Domain Admins group is added to this group automatically. Because this group has full controll of the computer,use caution when you add users to it.(from Windows Help)
Enterprise Administration
Administering the AD Schema (Schema Admins is technically the only thing required...)
Creating Certificate Authority (Root and Issuing)
Managing Certificate Templates (Default or otherwise)
DHCP Authorization
Forest trust relationships
Forest Preparation and Functional Level management
Global Sites and Services Management and administration (for all domains)
Creation of Sites & Site-Links
Creation of IP Subnets
Terminal Services Licensing
Creation and Destruction of Domains
FSMO Role Seizure (Domain Naming, Schema)
[Schema only needs schema admins...]
Global Domain Controller Replication Management
Global Domain Management
Global Group Policy Management
Global Administrative Control for All Domain users and computers
Take ownership of all forest and domain resources
Domain Administration
-
**CAUTION** - By default, Domain Admins in the Root Domain can make themselves Enterprise Admins
Domain / DC Group Policy Management
Domain user and computer administration
Delegation of rights within Domain
FSMO Role Seizure (RID, PDC, Infrastructure)
Domain Controller Installation (DCPROMO)
Domain Controller Recovery (DRM)
Domain Controller Replication Management
Sites and Services Management for Domain level Controllers (Replication & Global Catalog)
Enterprise Domain Services (SCOM, SCCM) (System Container Modification)
Creation of Organizational Units and other AD objects in Domain
Domain Preparation and Function Level Management
Creation of domain level DFS Namespaces
Administrators
Access this computer from the network
Adjust memory quotas for a process
Allow logon locally
Allow logon through Remote Desktop Services
Back up files and directories
Bypass traverse checking
Change the system time
Change the time zone
Create a page file
Create global objects
Create symbolic links
Debug programs
Force shutdown from a remote system
Impersonate a client after authentication
Increase scheduling priority
Load and unload device drivers
Log on as a batch job
Manage auditing and security log
Modify fireware environment variables
Perform volume maintenance tasks
Profile single process
Remove computer from docking station
Restore files and directories
Shut down the system
Take ownership of files or other objects