Index: src/wp-admin/user-new.php
===================================================================
--- src/wp-admin/user-new.php	(revision 32297)
+++ src/wp-admin/user-new.php	(working copy)
@@ -65,7 +65,7 @@
 	if ( ( $username != null && !is_super_admin( $user_id ) ) && ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) ) {
 		$redirect = add_query_arg( array('update' => 'addexisting'), 'user-new.php' );
 	} else {
-		if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
+		if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
 			add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
 			$redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
 		} else {
@@ -122,12 +122,12 @@
 			 * @param string $user_login The sanitized username.
 			 */
 			$new_user_login = apply_filters( 'pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
-			if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
+			if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
 				add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
 				add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email
 			}
 			wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) );
-			if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
+			if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
 				$key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
 				wpmu_activate_signup( $key );
 				$redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
@@ -303,7 +303,7 @@
 			</select>
 		</td>
 	</tr>
-<?php if ( is_super_admin() ) { ?>
+<?php if ( current_user_can( 'manage_network_users' ) ) { ?>
 	<tr>
 		<th scope="row"><label for="adduser-noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
 		<td><label for="adduser-noconfirmation"><input type="checkbox" name="noconfirmation" id="adduser-noconfirmation" value="1" /> <?php _e( 'Add the user without sending an email that requires their confirmation.' ); ?></label></td>
@@ -418,7 +418,7 @@
 			</select>
 		</td>
 	</tr>
-	<?php if ( is_multisite() && is_super_admin() ) { ?>
+	<?php if ( is_multisite() && current_user_can( 'manage_network_users' ) ) { ?>
 	<tr>
 		<th scope="row"><label for="noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
 		<td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1" <?php checked( $new_user_ignore_pass ); ?> /> <?php _e( 'Add the user without sending an email that requires their confirmation.' ); ?></label></td>
Index: src/wp-includes/capabilities.php
===================================================================
--- src/wp-includes/capabilities.php	(revision 32297)
+++ src/wp-includes/capabilities.php	(working copy)
@@ -1090,8 +1090,9 @@
 		if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] )
 			break;
 
-		// If multisite these caps are allowed only for super admins.
-		if ( is_multisite() && !is_super_admin( $user_id ) )
+		// In multisite the user must be a super admin, or must have manage_network_users caps and not be editing a super admin.
+		if ( is_multisite() && ( ( ! is_super_admin() && 'edit_user' === $cap && is_super_admin( $args[0] ) ) )
+			|| ! user_can( $user_id, 'manage_network_users' ) )
 			$caps[] = 'do_not_allow';
 		else
 			$caps[] = 'edit_users'; // edit_user maps to edit_users.
Index: tests/phpunit/tests/user/capabilities.php
===================================================================
--- tests/phpunit/tests/user/capabilities.php	(revision 32297)
+++ tests/phpunit/tests/user/capabilities.php	(working copy)
@@ -741,4 +741,33 @@
 		$user->remove_cap( 'publish_pages' );
 		$this->assertFalse( $user->has_cap( 'publish_pages' ) );
 	}
+
+	/**
+	 * @ticket 16860
+	 */
+	function test_multisite_edit_users_caps() {
+		if ( ! is_multisite() ) {
+			$this->markTestSkipped( 'Test only runs in multisite' );
+			return;
+		}
+		$user = new WP_User( $this->factory->user->create() );
+		$user->add_cap( 'manage_network_users' );
+
+		$other_user = new WP_User( $this->factory->user->create() );
+
+		$super_admin = new WP_User( $this->factory->user->create() );
+		grant_super_admin( $super_admin->ID );
+
+		// Non super admin can never edit super admins
+		$this->assertFalse( in_array( 'edit_users', map_meta_cap( 'edit_user', $user->ID, $super_admin->ID) ) );
+		// With manage_network_users can edit normal users
+		$this->assertTrue( in_array( 'edit_users', map_meta_cap( 'edit_user', $user->ID, $other_user->ID) ) );
+
+		// Without manage_network_users can not edit other users
+		$user->remove_cap( 'manage_network_users' );
+		$this->assertTrue( in_array( 'do_not_allow', map_meta_cap( 'edit_user', $user->ID, $other_user->ID) ) );
+
+		// Can always edit oneself
+		$this->assertFalse( in_array( 'do_not_allow', map_meta_cap( 'edit_user', $user->ID, $user->ID) ) );
+	}
 }
