Hello Glenn Maxwell,
Thank you for posting in Q&A forum.
For setting permissions on AD group, you can only use "add/remove members" permissions, it will let the users add or remove the members in this AD group.
However, you can try to using Delegation Control wizard on containers, then you can select "Create selected objects in this folder" or "Delete selected objects in this folder".
Here is a similar thread about setting permissions on AD containers (only with "Create selected objects in this folder" but with no "Delete selected objects in this folder"). https://serverfault.com/questions/336723/grant-permission-in-active-directory-to-add-users-modify-changed-password I hope the information above is helpful. If you have any question or concern, please feel free to let us know. Best Regards, Daisy Zhou
If the Answer is helpful, please click "Accept Answer" and upvote it.