Up until very recently, all management in the Active Directory was handled through using some Domain Administrator account. These accounts were either the built-in Administrator account or the root account (created for automated account creation and password synchronization) or a personal domain admin account username-adm. All these accounts are members of the Domain Admins group and as such have broad powers.
In both domains there is a security group named accounts_cs. Members of this group have been given special account management powers in the Users OUs in both domains.
In CS-GENERAL there is a universal group called domain_join_cscf in the CS\CSCF OU. This groups has been granted the right to add and delete computers from the CS-GENERAL domain.