beren beren wrote:
Hi. Is it possible to make admin Bob unable to edit accounts (delete, create, change passwords)created this year ? There is an idea to move them to a group or OU and give Bob the rights to write only there. Is there a more elegant solution ?
Sure, use a filter like (createTimestamp>=20220101000000) in the ACL.