should all the i.t employees have the administrator password of the windows server DC to get the job done?

Question

in an enviroment where there is like 3 servers , server 1 DC with AD and Dhcp,dns 2 file storage 3 windows sql all the serveres are joined to the domain so the administrator password of server 1 can open all the other servers where there is important data and stuff but the i.t guys always need the administrator password to do any thing in the users PCs so what is the right way to manage a windows server environment like this or in general how does i.t departments work in small/midsize business sorry for my weak english and sorry if iam saying anything crazy , iam just a pro-user who got an i.t job and i think everything is wrong in this place and ((maybe)) i can fix it

Answer 1

should all the i.t employees have the administrator password of the windows server DC to get the job done?

No only people responsible for the server and with authority to grant permissions should have the DC password. This should only be 2 or 3 people in case one sick,on vacation, or otherwise not available. Even then every person should have there OWN login and should use it exclusively so whatever they do can be audited.

Generally domains admins use there authority to create local admin account for IT to use. Either that or they are given there own domain account with PC admin privileges and not domain level permissions.