Hi Team.
I am just looking for suggestions on overcoming a minor issue.
Let's say I have the following.
UserA and UserA is a member of GroupA
We have a secure T0 area in our AD, and we have not allowed anyone in GroupA to change the accounts that are in T0. However, because UserA can add members to groups outside of T0, they also seem to be able to add T0 accounts to the groups.
Is there a way to deny Add on Member of for accounts in a certain OU if the person making the change is in GroupA
Thanks in advance