I currently run a single domain environment across multiple sites. I'm looking to hire some new technicians, but don't want to give them the "keys to the kingdom."
What is the best method to restrict admin accounts? Do I have to go through and create security groups, etc.?
Also, what are your recommendations on auditing changes made across the domain?
Thank you for your time!