Re: Needs domain admin and can allow you to impersonate any user.
>But if you have Domain Admin rights, you could just edit the schema and create some random account buried deep in the System container and give yourself every right you want.
And the audit logs would record you doing it.