Hi

Is it possible to give someone access to a resource, like windowsdomain, WITHOUT giving access to the accounts already entered?

1. I would like to make a domain-resource where all password admins should place AD-account.

 - This way I can use the same account for password reset, which is set on the resource.

2. password admin/user should still follow rules of sharing.

3.  If accounts already exists, they should be hidden or unaccessible untill shared.

I have tried sharing the resource with; view, modify, manage.

But they give access to already existing accounts.