Should I have multiple domain administrator accounts?

Each user who performs administrative activities should have a dedicated account to perform those activities. In a Windows environment, the built-in (RID 500) Administrator account should have a complex password set, printed, and locked away in a safe, etc. for emergencies.

A general tenet of security goes like this: You want to know who is performing which (administrative, in this case) activities (i.e. having an audit trail). Sharing accounts blows that out of the water.

Further, you want to be able to cut off an individual's access in case of a breach of password security, termination, etc. Shared accounts don't meet that criterion, either.

Shared, common-use accounts of any type should be considered highly dubious in value, but shared administration credentials are always bad.

re: Windows-specific considerations like limited Remote Desktop / Terminal Services connections: Be courteous to your fellow admins and don't leave disconnected sessions lying around. I've found that social pressure works fairly well in small organizations (i.e. mentioning frequently and loudly the fact that admin XXX doesn't remember to log off servers). You can always boot other users' disconnected sessions off if you really have to. It adds, maybe, 30 seconds to a connection attempt. In a larger organization, or if it becomes a major problem, you might consider implementing disconnected session timeouts.

A little aside, but one that's probably on-topic since you mentioned an IT consultant: As an IT contractor myself I always request a dedicated administration account for myself, and I demand not to know any "shared" administration credentials. It protects both parties and provides an audit trail. I always want my Customers to feel like they can "lock me out" at a moment's notice (and to actually have that ability, too) because I believe it sends a powerful message that I'm confident in my ability to maintain the relationship with them based on the merits of my skills and the value I provide, not based on some vague feeling that they're "locked in" to me.
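The two Remote Desktop points in the answer above (booting off disconnected sessions, and configuring a disconnected-session timeout) in PowerShell, as an added example that is not from the original answer; it assumes a Windows host running Remote Desktop Services, local administrator rights, and the placeholder server name SRV01:

```powershell
# Added example, not part of the original answer. Assumes a Windows server with Remote Desktop
# Services and local administrator rights; 'SRV01' is a placeholder server name.

# --- 1. Find disconnected RDP sessions (the ones that tie up limited connection slots) ---
function Get-DisconnectedSession {
    param([string]$Server = $env:COMPUTERNAME)
    # quser prints a space-aligned table; a disconnected session has an empty SESSIONNAME
    # column, so the Session group in the pattern is optional. The leading '>' marks your own session.
    $pattern = '^\s*>?(?<User>\S+)\s+(?:(?<Session>\S+)\s+)?(?<Id>\d+)\s+(?<State>Active|Disc)\s+(?<Idle>\S+)\s+(?<Logon>.+)$'
    quser /server:$Server 2>$null | Select-Object -Skip 1 | ForEach-Object {
        if ($_ -match $pattern -and $Matches.State -eq 'Disc') {
            [pscustomobject]@{
                Server    = $Server
                User      = $Matches.User
                Id        = [int]$Matches.Id
                Idle      = $Matches.Idle          # minutes, hh:mm, or d+hh:mm
                LogonTime = $Matches.Logon.Trim()
            }
        }
    }
}

# --- 2. Log off a session by ID (what "booting them off" does under the hood) ---
function Remove-DisconnectedSession {
    param([Parameter(Mandatory)][string]$Server, [Parameter(Mandatory)][int]$Id)
    logoff $Id /server:$Server
}

# --- 3. The policy equivalent of "disconnected session timeouts" ---
function Set-DisconnectedSessionTimeout {
    param([int]$Minutes = 60)
    # MaxDisconnectionTime is the registry value behind the Group Policy setting
    # "Set time limit for disconnected sessions" (Remote Desktop Session Host > Session Time Limits).
    # It is stored in milliseconds; the same value can be pushed via GPO instead of set locally.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'MaxDisconnectionTime' -Type DWord -Value ($Minutes * 60 * 1000)
}

# Usage: list disconnected sessions on SRV01, then log off any that have sat idle for a day or more
# (an idle value containing '+' means days). Review the list before removing anything.
$stale = Get-DisconnectedSession -Server 'SRV01' | Where-Object { $_.Idle -match '\+' }
$stale | Format-Table -AutoSize
$stale | ForEach-Object { Remove-DisconnectedSession -Server $_.Server -Id $_.Id }
```

Because each admin has a dedicated account, the User column in the listing tells you exactly who left the session behind, which is the audit trail the answer is arguing for.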


One reason not to have multiple accounts:
If you administer everything using remote desktop, you might have a limit to those. If people just close the remote desktop session without logging out they will get tied up quickly.

A reason to have multiple accounts:
You can see who was logged in when if something bad happens. Really though, if you have a good team environment, whoever did something will just admit to it.