With a basic understanding of the various administrative accounts and Microsoft tiers, it’s time to look at where these accounts reside in an Active Directory domain once they are created.
CENTRALIZE ADMINISTRATIVE ACCOUNTS:
The location of the administrative users and groups is often overlooked. If I were to perform an audit on any random domain, there’s a major chance that I’d find administrative accounts scattered across multiple Organizational Units.
This scattered user placement, often accidental, creates pathways that attackers exploit to gain higher levels of privilege.
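The audit described above, as an added example that is not part of the original article: given an exported list of privileged-group members, it groups them by parent container and flags every account that sits outside one designated admin OU. The OU name, the domain and the sample accounts are constructed assumptions.

```python
from collections import defaultdict

# Assumption: the one OU (and its sub-OUs) where admin accounts are meant to live.
ADMIN_OU = "OU=Admin Accounts,DC=corp,DC=example"

# Constructed sample: (sAMAccountName, distinguishedName) of privileged-group
# members, e.g. exported from the directory beforehand.
PRIVILEGED = [
    ("adm-alice", "CN=adm-alice,OU=Tier 0,OU=Admin Accounts,DC=corp,DC=example"),
    ("adm-bob", "CN=adm-bob,OU=Admin Accounts,DC=corp,DC=example"),
    ("jsmith", "CN=Smith\\, John,OU=Sales,OU=Staff,DC=corp,DC=example"),
    ("svc-backup", "CN=svc-backup,OU=Servers,DC=corp,DC=example"),
    ("helpdesk1", "CN=helpdesk1,CN=Users,DC=corp,DC=example"),
]

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash escapes such as '\\,'."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).strip())
    return parts

def audit(accounts, admin_ou=ADMIN_OU):
    """Return ({parent container: [accounts]}, [accounts outside admin_ou])."""
    root = [r.lower() for r in split_dn(admin_ou)]
    by_container, outside = defaultdict(list), []
    for name, dn in accounts:
        parent = split_dn(dn)[1:]              # drop the account's own RDN
        by_container[",".join(parent)].append(name)
        # Compare whole RDNs, case-insensitively, so an OU merely named
        # "x\,OU=Admin Accounts" is not mistaken for the real admin OU.
        if [r.lower() for r in parent][-len(root):] != root:
            outside.append(name)
    return dict(by_container), sorted(outside)

if __name__ == "__main__":
    containers, outside = audit(PRIVILEGED)
    for container, names in containers.items():
        print(f"{len(names):2d}  {container}  {names}")
    print("Outside the admin OU:", outside)
```

Accounts listed under containers such as `CN=Users` or a departmental OU are the ones to move, or to remove from the privileged groups.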
Top items for managing administrators:
By managing these four administrative account items, you can be certain you know who is an administrator in a domain, and you will know what they can do on the domain.
Microsoft has already open sourced a lot of the information on privileged account management.