<div>
Yeah i just discussed that. Probably easier make a power user group sort of thing.<br />
<br />
Cheers
</div>


Yeah i just discussed that. Probably easier make a power user group sort of thing.

Cheers

<div>
<div class="content wysiwyg-content">
Hi Guys,<br />
<br />
We need to lock down AD from a few domain admins as they need very high access but keep changing things they shouldn't. <br />
<br />
Would the best option be to not allow write access on AD for the domain admins group and then add everyone that should have that power to the enterprise admins group?<br />
<br />
Thanks.
</div>
</div>


Hi Guys,

We need to lock down AD from a few domain admins as they need very high access but keep changing things they shouldn't. 

Would the best option be to not allow write access on AD for the domain admins group and then add everyone that should have that power to the enterprise admins group?

Thanks.

Domain Admin AD access

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.