High Privileged Default Security Principals
| Name | Comments |
| Account Operators | |
| Administrator | Relative Identifier -500 |
| Administrator | DSRM Mode. S-500 |
| Administrators | |
| Backup Operators | |
| Domain Admins | |
| Domain Controllers | |
| Enterprise Admins | |
| Enterprise Key Admins | |
| Key Admins | |
| krbtgt | User Class |
| Print Operators | |
| Read-Only Domain Controllers | |
| Replicator | |
| Schema Admins | |
| Server Operators | |
Other Security Principals with High Privileges
Service Accounts may be granted High Privileges on the Domain Root Object, Group Policy Objects and other critical objects such as adminSDHolder. Such accounts must be flagged as Security Principals with High Privileges and monitored.
| Permissions | Comments |
| Replicate Directory Changes All | |
| Reset Password | Applied to or Inherited by High Privileged Security Principals (User) |
| Write Member | Applied to or Inherited by High Privileged Security Principals (Group) |
| Create Computer | |
| Create User | |
| Write Permissions | |
| Write Owner | |
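
One way to apply the flagging rule above, as an added example that is not part of the original page: it parses the SDDL form of a critical object's DACL and reports trustees outside an assumed baseline that hold any permission from the table. The baseline aliases, the sample descriptor and the two service-account SIDs are constructed assumptions; inherited-object-type scoping is not evaluated.

```python
import re

# Permissions from the table above: name -> (SDDL right, object GUID or None).
RULES = {
    "Replicate Directory Changes All": ("CR", "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"),
    "Reset Password": ("CR", "00299570-246d-11d0-a768-00aa006e0529"),
    "Write Member": ("WP", "bf9679c0-0de6-11d0-a285-00aa003049e2"),
    "Create Computer": ("CC", "bf967a86-0de6-11d0-a285-00aa003049e2"),
    "Create User": ("CC", "bf967aba-0de6-11d0-a285-00aa003049e2"),
    "Write Permissions": ("WD", None),
    "Write Owner": ("WO", None),
}
# Assumed baseline: SDDL aliases of default principals from the first table.
BASELINE = {"AO", "BA", "BO", "DA", "DD", "EA", "LA", "PO", "SA", "SO"}
BITS = {"CC": 0x1, "WP": 0x20, "CR": 0x100, "WD": 0x40000, "WO": 0x80000,
        "GA": 0x10000000}

def parse_rights(text):
    """Return the set of rights from SDDL letter codes or a hex access mask."""
    if text.lower().startswith("0x"):
        return {code for code, bit in BITS.items() if int(text, 16) & bit}
    return {text[i:i + 2] for i in range(0, len(text), 2)}

def flag_aces(sddl, baseline=BASELINE):
    """Return sorted (trustee, permission) pairs held outside the baseline."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    findings = set()
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] not in ("A", "OA") or fields[5] in baseline:
            continue  # skip malformed, non-allow (deny, audit) and baseline ACEs
        rights, guid, trustee = parse_rights(fields[2]), fields[3].lower(), fields[5]
        for name, (right, rule_guid) in RULES.items():
            # An empty object GUID means the right covers every object type.
            scoped = rule_guid is None or guid in ("", rule_guid)
            if "GA" in rights or (right in rights and scoped):
                findings.add((trustee, name))
    return sorted(findings)

# Constructed sample: DACL of a domain root with two hypothetical service accounts.
SVC1 = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SVC2 = "S-1-5-21-1111111111-2222222222-3333333333-1106"
SAMPLE = ("O:DAG:DAD:AI(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)(A;;RPLC;;;AU)"
          f"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;{SVC1})"
          f"(OA;CI;WP;bf9679c0-0de6-11d0-a285-00aa003049e2;;{SVC2})"
          f"(A;;0xc0000;;;{SVC2})(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;{SVC1})")

if __name__ == "__main__":
    for trustee, permission in flag_aces(SAMPLE):
        print(f"{trustee}: {permission}")
```

Extend `BASELINE` with any other trustees that are expected on the object in your environment before treating the remaining findings as accounts to flag and monitor.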