639 questions
Users have the ability to add themselves to the Domain Admins group, granting them Domain Admin privileges.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 94%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHW%3C/text%3E%3C/svg%3E)
Hassan Waheed
10
Reputation points
All users created in Active Directory are able to add themselves to the Domain Admin group, granting themselves Domain Admin privileges.
Users can log into the Domain Controller, access Active Directory, and add themselves to the Domain Admin group.
I tested this issue, removed unnecessary permissions from the Domain Admin group, but upon checking today, all the permissions have been restored.
Can you help me understand why this is happening and how to resolve it?
Sign in to answer