We are doing a review of members of powerful AD groups, e.g domain admins. Can you provide some examples into the types of admin/management tasks whereby a user requires domain admin permissions? I.e. what tasks require the use of domain admin rights. Seeing some examples of the types of task that would require domain admin permissions, would help us identify whether some on our list of members are valid or should be removed.