Some tools that draw links between objects in a Active Directory architecture, show that if we have an user who is administrator of an OU on which a domain administrator is also present, so he can take control of the domain.
Is that true?
How is it possible if so?