In estimation around 95 % of Fortune 500 companies run Active Directory. Many features are not secure by default and can be easily misconfigured. Landing a phising attack to compromise a standard domain user might be enough to gain full control over the domain under the right conditions. An example would be the noPac exploit. https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware