If you haven’t done so already you will want to look at Management Central and in particular Managing users and groups. This may provide the level of function you are looking for.
If not, everything that Management Central is doing is done using system APIs and exit points which you can also utilize. Some of these APIs, and sample programs, are demonstrated in my book APIs at Work Second Edition under the Security topic.
Hope this helps,