(also DA)
An automatically created security group in the Active Directory domain that has full control over it. They control who can access shared resources, as well as grant and revoke domain-wide administrative privileges.
Domain admins have more rights to make changes to a system. They control all the servers and workstations, so if a malicious actor were to gain access to these accounts, the results could be disastrous.