Chapter 14. Security: Default groups and delegation

In a small organization, you could easily be the only administrator of your Active Directory without being overwhelmed. But imagine an organization with thousands of users—a single administrator will not be sufficient. The simple answer, used by most organizations for historical reasons, is to provide a large number of users domain-administrator-level permissions. This often leads to a situation where no one has overall responsibility for the Active Directory, so it gradually descends into a chaotic state.

Note

The reason for putting all administrators into the Domain Admins group can be traced back to Windows NT in the mid-1990s. Membership in the Domain Admins group was required ...

Get Learn Active Directory Management in a Month of Lunches now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.