Here's my situation: I have a Helpdesk employee that I want to be able to create users in a particular OU and also create the same user in a particular Group. I don't want him to have access to change/modify any other groups or any other OUs.
In addition, I'd really prefer that he only has the ability to add a user to the group and change the password. I don't want him to be able to delete users from the group or OU.
Is there a way to do this without using a script of any sort?
This senario is on a Windows 2003 Server/AD enviornment.