If you are auditing Active Directory (AD), the most important “big miss” I see from auditors is neglecting some of the less common administrator-level accounts within AD.
In general, there are two types of accounts that I focus on when I audit AD.
1. Accounts and groups with explicit Administrator privileges, and
2. Accounts and groups with inherited Administrative privileges.
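
The split between the two types can be computed from group membership data. The sketch below is an added example, not code from the original post. It assumes "inherited" means membership reached through nested groups, and it runs on a constructed directory (the accounts and the `Tier0-Ops` and `Helpdesk-Leads` groups are made up; `audit_admins` is a hypothetical helper name).

```python
from collections import deque

# Constructed sample directory (not real data): group -> direct members.
# Any name that is also a key is a nested group; everything else is an account.
DIRECTORY = {
    "Domain Admins": ["alice", "Tier0-Ops"],
    "Enterprise Admins": ["alice"],
    "Tier0-Ops": ["bob", "Helpdesk-Leads"],
    "Helpdesk-Leads": ["carol", "Tier0-Ops"],  # circular nesting, which AD permits
    "Print Operators": ["svc-print"],
}
PRIVILEGED = ["Domain Admins", "Enterprise Admins"]


def audit_admins(directory, privileged):
    """Return {account: {"explicit": [...], "inherited": [...]}}.

    explicit  = privileged groups the account is a direct member of
    inherited = nesting chains (privileged group > ... > account);
                assumption: "inherited" means reached via nested groups
    """
    report = {}
    for root in privileged:
        queue = deque([(root, [root])])
        seen = {root}  # guards against nesting loops
        while queue:
            group, path = queue.popleft()
            for member in directory.get(group, []):
                if member in directory:  # nested group: keep walking
                    if member not in seen:
                        seen.add(member)
                        queue.append((member, path + [member]))
                    continue
                entry = report.setdefault(member, {"explicit": [], "inherited": []})
                if group == root:
                    entry["explicit"].append(root)
                else:
                    entry["inherited"].append(" > ".join(path + [member]))
    return report


if __name__ == "__main__":
    for account, found in sorted(audit_admins(DIRECTORY, PRIVILEGED).items()):
        print(account, found)
```

Accounts such as `bob` and `carol` never appear in the direct member list of a privileged group, which is why a review that only reads that list misses them.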