All:

It seems that another team at my organization believes that they should maintain the OS portion of my systems while my team only manages the application portion of those systems. I can see the perceived benefits for some cases, but in my case I believe it to be a security issue. These would include many Windows roles, such as RADIUS, AD, AD LDS, Event Forwarding from DCs, RMS, and PKI, to name a few. It is my understanding that these roles are tightly woven into the OS and thusly cannot be separated from the local Administrator roles that this other team wants. It puts these identity-related services at risk – IMO.

Would you please respond with how your organization manages its identity-related services where it concerns management of the OS as opposed to the roles that the servers provide? I am opposed to trying to separate the OS administration from the role administration for servers that manage identities, but I want further supporting information from industry leaders. Sorry for the urgency of my request, but I have to be prepared to defend my position this afternoon. Will you please respond as soon as you can?

BTW: I am also basing my position on Microsoft’s latest guidance on Securing Active Directory, April 15, 2016, located here: https://technet.microsoft.com/en-us/library/dn487446.aspx

Thank you,

Brian