# Identify Risky Conditions in Active Directory (Exposed Active Directory Domain Administrators)

## Workflow

Epiphany tracks all high-value accounts within its data sets. When dealing with the complexity of Active Directory, Epiphany pays special attention to the Domain Administrators, as they present the most direct risk if exposed. The [Dashboard](/technical-documentation/epiphany-workflows/technical-analysis/create-an-analysis-focused-dashboard.md) contains components specifically designed to track user identity exposures. For the Epiphany-specific process, we'll be using the following workflow:

1. Go to **Identity Tools -> Active Directory.**
2. Check Effective Domain Admins.
3. Check Exposed Domain Admins.

### Effective Domain Admins

Epiphany measures Domain Administrator privileges in two distinct ways. The first is Direct Membership, meaning the user was placed directly into that group within Active Directory. The second is Inherited (indirect) Membership, meaning the user's permissions are inherited because they are a member of a group that grants those permissions.

![The Effective Domain Admins Identity component.](/files/azHxE75SQZBbDCEE0Wk5)

When clicking on this card, you will get the complete list of all members, Direct and Indirect, of the Domain Administrators group.

![Details for the effective domain admins identity component.](/files/DgILJ7tCXFNpcVKeoU9C)

Epiphany will show you the Account Name, how it receives the Domain Administrators rights (**Membership**), other groups that user is a part of (**Other Groups**), and the ability to see the graph relationship of that account's membership (**Rights Chain**).

![A rights chain graph.](/files/Dc7MbTnIPoAds3NlPfdm)

This is an example of a simple direct membership rights chain.
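
The Direct/Inherited distinction and the rights chain can be reproduced over any export of group memberships, which is useful for cross-checking what the component reports. The sketch below is an added example, not Epiphany's own code; the group and account names are constructed, and it assumes every group appears as a key in the membership map (empty groups with an empty list).

```python
from collections import deque

# Constructed sample data: group -> direct members (users and nested groups).
# All names are hypothetical; "Server Admins" nests back into
# "Tier0 Operators" on purpose to show that membership loops are handled.
MEMBERS = {
    "Domain Admins": ["alice", "Tier0 Operators"],
    "Tier0 Operators": ["bob", "Server Admins"],
    "Server Admins": ["carol", "alice", "Tier0 Operators"],
    "Helpdesk": ["dave"],
}


def effective_members(target, members=MEMBERS):
    """Return {user: (membership, rights_chain)} for every user holding the
    target group's rights, either directly or through nested groups.

    rights_chain runs from the user up to the target group. The search is
    breadth-first, so each user is reported with the shortest chain: a user
    who is both a direct and a nested member is classified as Direct.
    """
    result = {}
    seen_groups = {target}
    queue = deque([[target]])  # each entry: [current group, ..., target]
    while queue:
        path = queue.popleft()
        for member in members.get(path[0], []):
            if member in members:  # assumption: keys of the map are groups
                if member not in seen_groups:  # skip loops and repeat visits
                    seen_groups.add(member)
                    queue.append([member] + path)
            elif member not in result:
                kind = "Direct" if len(path) == 1 else "Inherited"
                result[member] = (kind, [member] + path)
    return result


if __name__ == "__main__":
    for user, (kind, chain) in sorted(effective_members("Domain Admins").items()):
        print(f"{user:<6} {kind:<9} {' -> '.join(chain)}")
```

Accounts that surface only as Inherited are the ones a review of the Domain Admins group's direct member list alone would miss.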

### Exposed Domain Admins

In Epiphany, an Exposed Domain Admin is any active session, anywhere in the environment, that belongs to a user with Domain Administrator rights and can be reached with an attack chain.

![Exposed Domain Admin identity component.](/files/9J06NY2Q9mfKlthuaj2a)


