Controlling Organizations, Users, etc

I’m a Chef newbie, so this may be something that is easy, but I haven’t yet stumbled upon.

We are running our own internal Chef servers; we would like it such that:

  1. Users login with AD (we have this working already)
  2. Users are only given the option of joining (automatically) our existing organization
  3. Users cannot create new organizations

Any guidance appreciated!

Robert Stinnett