An automatically created security group in the Active Directory domain that has full control over it. They control who can access shared resources, as well as grant and revoke domain-wide administrative privileges.
Domain admins have more rights to make changes to a system. They control all the servers and workstations, so if a malicious actor were to gain access to these accounts, the results could be disastrous.