I gave a presentation at Defcon 21 on gaining domain admin by abusing commonly used management software:

https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Hendricks

The talk discussed domain controller isolation principles and how commonly used management software like System Center Operations Manager (SCOM), Out-of-band management devices (ex. HP iLO), Hyper-V, and security scanners can be abused in order to gain access to domain controllers.

Here are the slides and videos from the talk: