Active Directory

Can users be added to a group outside of the managed OU?

Hello!

There is such a structure.


1) AS Administrator Petrov 0 (red) creates and appoints the rest of Petrov 1-6 "OU Administrators", delegates to them the rights to manage ONLY his OU.
2) Each Petrov 1-6 creates his own Sidorov 1-6.

Question: Can Petrovs 1-6 include their Sidorovs in the "Users" group from the User Personnel container?
Or does it contradict the condition "manage ONLY your OU" and means that in order for Sidorovs 1-6 to become members of the "Users" group, you need to create in each OU the "Users-1 (2, 3, 4, 5, 6)" groups nested in general group Users?

upd:
There is also an idea to create an "area" attribute for accounts that is unique for each OU. And arrange so that Petrovs 1-6 have rights to the Users group, but can only change those whose "area" attribute values ​​match theirs.