CALL TO ACTION
A change in Exchange permissioning behavior may impact mobile communications and other add-on applications for Exchange. Shared and resource mailboxes may also be affe...
Updated Jul 01, 2019
Version 2.0
Blog Post
Regardless of best practices, it is up to the administrators and management to assess the risks involved in using domain admin accounts for normal, daily use. There are circumstances, admittedly rare, where admins may be confident enough of their environments enough to use enterprise/domain accounts wherever they log in (usually their own). Is my environment that safe? Possibly.. possibly not. At this point, it has not led to any disasters.
That said, we pay the licensing on MS software and should be allowed to configure it as we please, provided it is legal. Since this isn't a legal issue, why enforce this function and make it so difficult to work around when it was expected that it would affect users in this manner.
I have even made the SD container changes and still have issues with the permissions getting revoked. I'd rather not back out on any patches. I removed the admin accounts from protected groups for now, but it's been highly annoying.
That said, we pay the licensing on MS software and should be allowed to configure it as we please, provided it is legal. Since this isn't a legal issue, why enforce this function and make it so difficult to work around when it was expected that it would affect users in this manner.
I have even made the SD container changes and still have issues with the permissions getting revoked. I'd rather not back out on any patches. I removed the admin accounts from protected groups for now, but it's been highly annoying.