This edge indicates that the computer is a domain controller for the domain. This edge is not created
for read-only domain controllers.
Abuse Info
Domain Controllers store all Active Directory credentials and configurations for all principals in the domain. If an adversary gains administrative access to a Domain Controller, there are several options at their disposal for compromising domain identities and domain-managed systems. Please see the references section for more information.
Opsec Considerations
Domain Controllers are universally among the most sensitive systems in Active Directory, and are often closely monitored by defenders. Attacks that rely on administrative access to a domain controller may produce artifacts that defenders will see as reliable and urgent indicators of compromise.
Updated