How to give a user adminrights for users and groups only?

How can I give user the rights to administer users and groups and nothing else?

If I make him member of the group “Account Operators” and try to loging I get the error: “There is no module available for the authenticated user”

I would also very much like to know that. For example, the secretary can only create trainees.