We have a pretty old setup which was managed by our client. They could not manage it anymore and they have outsourced the entire datacentre to us.
Everything is messed up right now. Nothing is in place correctly, and I have taken charge of it too.
It's a 5000-10000 user, 5-forest environment with a single domain each (yes, 5 forest root domains). The company kept acquiring other companies and, instead of making it a child domain, every company acquired has been made a forest, and a forest trust is created among them.
Every Tom, Dick or Harry has access to Domain Admin. Even a service desk guy has been added to Domain Admin or other sensitive groups.
The first and foremost change I thought of making to the environment is to restrict the access of unwanted people to the DC and other servers, and to give the least access required to perform their work.
How can I start achieving this? I need your help/suggestions on how I should plan to go ahead.