It’s inevitable. You’ve given a number of individuals in your organization rights to run around in AD making changes as they see fit, with little oversight. It’s a situation that’s ripe for abuse.
A user with admin rights can grant another permissions with little more than a group membership change, giving an unauthorized user access to commit data theft, or fraud. Too many users, with too many privileges… an no one watching to prevent abuse.
Think it doesn’t happen? Nearly two-thirds of organizations today believe threats stemming from insiders are more difficult to detect, citing their already credentialed access as the number one reason.