Skip to main content


Home Domain admin

Domain admin

(also DA)

Domain admin definition

A domain admin (DA) is an automatically created security group in the Active Directory domain that has full control over it. They control who can access shared resources, as well as grant and revoke domain-wide administrative privileges.

Using domain admins

Domain admins have more rights to make changes to a system. They control all the servers and workstations, so if a malicious actor were to gain access to these accounts, the results could be disastrous.

Preventing domain admin account hacking

  • To minimize the chance of a cyberattack, only allow one or two people to have domain admin rights.
  • Beware of phishing. With it comes spyware, keyloggers, worms, and other kinds of malware that could steal your credentials.
  • Use strong passwords and a password manager, and never share the passwords with anyone.