In the real world where you want to separate the roles between the AD admins on one side and the Exchange admins in the other side, I recommend to follow the following steps:
Tasks to be implement by the internal IT Pros  in charge of AD infrastructure and its content management:

a) prepare the AD schema
b) prepare the exchange servers
a) first mount the Exchange 2013 sp1 .iso
(setup.exe /help:preparetopology)

We suppose in our example, than MYCOMPANY is a Mono Forest Mono Domain

setup /prepareAD /organizationName:MYCOMPANY /ActiveDirectorySplitPermissions:false /IAcceptExchangeServerLicenseTerms
setup /prepareSchema /organizationName:MYCOMPANY /IAcceptExchangeServerLicenseTerms
setup /prepareDomain /organizationName:MYCOMPANY /IAcceptExchangeServerLicenseTerms


follow the configuration steps to split permissions (in order to implement RBAC split permissions):
b) setup /NewProvisionedServer:<exchangeserver1>

c) Create AD admin accounts for third party company in charge of Exchange operations
Put their AD accounts on the right Exchange group: Exchange organization management”(is the most important group with highest privileges in Exch)


Then tasks to be done by the third party company (contracting company) in charge of Exch ops:

they can install Exchange servers without high privilege in AD

they can configure Exchange servers and roles, they can create mailboxes (and assign to existing users using the enable-mailbox cmdlet)

due to the RBAC split permissions model implemented by the AD team, the Exchange team cannot create security principals except distribution groups