​Many organizations provision domain administrator privileges to IT helpdesk and support staff to expedite management of Active Directory (AD), end-user devices, and servers. While domain admin rights are required to perform some high-level AD tasks, they are not needed for day-to-day management of domain-joined PCs, servers, or AD. The Domain Admins group is added to the local Administrators group on every domain-joined device, so one way to provide remote access for IT staff is to simply add accounts to the Domain Admins group. But with domain admin privileges comes great responsibility.

By admin