This can easily be achieved using a Identity Management Solution like Lighthouse < http://www.sun.com/software/waveset/ > and extending the AD schema to include Group Manager / approvers DNs.
Lighthouse provide a nice interface for auditing, approval, declining, and removal of user objects from a Group. > The company for which I work has a security policy that I have to comply > with. According to this policy, all grouplist providing access to shared > information must be reviewed every 6 months. -- Saqib Ali, CISSP http://www.xml-dev.com/blog/ "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 --------------------------------------------------------------------------- ---------------------------------------------------------------------------
