It's still common in IT departments to enter the domain administrator password to join a computer to a domain or install software on a client machine. This seems insane to me, you can just fake the windows gui in a Fullscreen application and keylog the password - even using a web browser. I think AD is a relic of the 90s that should be retired