Hi guys hope you are all well and can assist.
We are currently going through the process of reevaluating our Active Directory Security model.
What Id like some help with from you kind people is the following:
When you guys implement a new technology, and someone requests that a service account be created, what do you guys suggest in determining whether it should be:
1) a member of the domain admins group, or
2) just a member of the local admins group on each and every server?
Do you guys automatically add this service account to be a member of domain admins?
If not, how do you add this new account to be a member of every local admins group on every server?
Any help greatly appreciated.