1) what is the name of the permissions in AD would allow another user to create a new domain user? And how can you run a list of which users can create new users, and "where" in the domain they can create them?
2) , what permission in AD would allow a user to add another user to another security group? I've just right clicked a group in ADUC and gone on security, but I can see "add self" to group, but not add other.
So a) how can I see what groups users can add themselves to, and
b) what groups users can add others to.
3) Is there anyway to see which users created which groups/when, and which users created which users/when?