The practice of data center server operators doubling as Active Directory domain administrators is one of the most common, and potentially most damaging, security risks in Active Directory infrastructure. The challenge for AD administrators is to adequately secure the directory, while still delegating the domain controller administration rights necessary for daily operations.
Hi, I'm Allison Main, Product Marketing for Identity and Access Management Solutions at Dell Software. It is important to distinguish between data, administrator, and service administrator roles when you're looking at the Active Directory security model, even though these two roles are often lumped together. Failure to separate the two roles give front-line operation staff elevated rights within the domain controllers they administer, creating the risk of accidental or malicious alteration, or deletion of data or data structures in the domain.
But the white paper "The Keys to the Kingdom-- Limiting Active Directory Administrators," sponsored by Dell Software and authored by Microsoft MVP Sean Deuby, explains that the security risks associated with the simplified implementations of the Active Directory domain controller security model, and presents best practices for keeping domain controller and domain administration rules separate. So download the white paper now, and learn how you can better secure your Active Directory environment by keeping the number of individuals with domain and force privileges to an absolute minimum.