Delegate specific Group Administration

I would like to delegate an AD user to administer the Group Membership of certain groups. But here is the catch: the user should only be able to add user accounts to or delete user accounts from this group. The user should not be able to add other groups to these groups.

Can someone help me out?

Answer

I don’t believe this is possible. The group object ACL permission allowing to add members will allow both users/groups to be added. The only way I can think of to accomplish something like this would be to write a scheduled script that checks the managed groups' members and removes any group objects if found.

Attribution
Source: Link, Question Author: Clifton C. Lenne, Answer Author: HostBits
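
A sketch of the scheduled clean-up script the answer describes, added here as an example and not code from the answer's author. It assumes the RSAT ActiveDirectory module and a task account with write access to the groups' member attribute; the group names are placeholders.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Placeholder names (assumption): replace with the groups whose membership is delegated.
    [string[]]$ManagedGroups = @('Example-Managed-Group-1', 'Example-Managed-Group-2')
)

foreach ($groupName in $ManagedGroups) {
    try {
        # Direct members only (no -Recursive): a nested group shows up as a direct
        # member with objectClass 'group'. Users and computers are left alone.
        $nestedGroups = Get-ADGroupMember -Identity $groupName -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'group' }
    }
    catch {
        # A missing or unreadable group must not stop the check of the others.
        Write-Warning "Could not read members of '$groupName': $_"
        continue
    }

    foreach ($member in $nestedGroups) {
        $removed = $false
        if ($PSCmdlet.ShouldProcess($groupName, "Remove nested group '$($member.SamAccountName)'")) {
            try {
                Remove-ADGroupMember -Identity $groupName -Members $member `
                    -Confirm:$false -ErrorAction Stop
                $removed = $true
            }
            catch {
                Write-Warning "Failed to remove '$($member.SamAccountName)' from '$groupName': $_"
            }
        }

        # One record per finding, so the task output can be logged or mailed
        # and repeated nesting by the delegated user becomes visible.
        [pscustomobject]@{
            Time         = Get-Date
            ManagedGroup = $groupName
            NestedGroup  = $member.distinguishedName
            Removed      = $removed
        }
    }
}
```

Running it with `-WhatIf` first lists the nested groups it would remove without changing anything. Between runs a nested group still grants its members whatever the managed group grants, so the schedule interval is the exposure window.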
