Creation and Management of AD Objects in ITShop - Best Practices

Hi All,

I have requirements to manage the lifecycle of a number of AD/Exchange resources: Shared Mailboxes, Meeting Rooms, Distribution Lists, Security Groups, and Contacts. I need to support, view, create, update, delete, multiple owners, request access, remove access. I also need to provide a means to manage settings for these objects for owners and admins via ITShop, such as calendar settings for a meeting room. I'd like to keep it OOTB if as much as possible, or at least base it off OOTB components and modules.

I have two fairly broad questions and was hoping someone could set me on the right track.

1. What is the best practice method for allowing management of the objects via ITShop? I.e. create, update, delete?

I'm thinking it would be multi-requestable products/resources (one per action) + request properties or object dependent refs (if I need complex forms), and then processes to fulfill the request off of PWO? What other IM object structures would you create with these objects (roles, etc)? Keeping in my I need to have multiple 'owners' per object so I think I may need an 'owner' role per object. 

2. What is the best way to expose membership management functionality to the owners?

The requirement is for owners to view settings/attrs, view members, and add/remove members.

Any help or pointers would be great - thanks in advance!