Contoso Corporation is a large university with multiple autonomous schools. The IT department wants to implement a more granular administrative control structure. They plan to use administrative units to delegate specific permissions to IT administrators for each school. The School of Engineering needs its IT team to manage user accounts, reset passwords, and control group memberships, but only for users within their school. Which of the following roles should be assigned to the School of Engineering's IT team with the scope limited to their school's administrative unit?