Within Active Directory security, is there a way to restrict a help desk group’s ability to enable user accounts after they have been disabled by a LAN Admin?
