Day in the life of a pentester.
This one is short and sweet. Some things you probably shouldn't do.
1. Use clear-text protocols
2. Get caught not following your own password policies
& the best one
3. Add your Domain Users group to the Enterprise Admins group... oops ;-)
Internal test: some simple ARP spoofing and an LDAP query caught in plain text, RDP in, create a user account and add it to the appropriate admin group... done.
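A quick way for a defender to catch mistake number 3 before someone else does, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module is installed, the session is domain-joined with read access, and the list of privileged group names is the one you care about (the names below are an assumption, not from the post).

```powershell
# Added example (not from the original post): find every group that Domain Users is a member of,
# directly or through nesting, and flag any that is highly privileged.
# Assumes the RSAT ActiveDirectory module and a domain-joined session with read rights.
Import-Module ActiveDirectory

# Assumed list of groups that should never contain a broad group like Domain Users.
$privileged = 'Enterprise Admins', 'Domain Admins', 'Schema Admins', 'Administrators', 'Account Operators'

# Enterprise Admins lives in the forest root domain; run this against the root domain
# (or add -Server <root DC>) so that group is actually in scope of the search.
$domainUsers = Get-ADGroup -Identity 'Domain Users'

# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) makes the DC expand nested
# membership, so Domain Users -> helpdesk group -> Domain Admins is caught as well as a direct add.
$filter   = "(member:1.2.840.113556.1.4.1941:=$($domainUsers.DistinguishedName))"
$memberOf = Get-ADGroup -LDAPFilter $filter

$findings = $memberOf | Where-Object { $privileged -contains $_.Name }

if ($findings) {
    Write-Warning 'Domain Users is (transitively) a member of one or more privileged groups:'
    $findings | Select-Object Name, DistinguishedName | Format-Table -AutoSize
} else {
    Write-Output "OK: Domain Users is not nested in any of: $($privileged -join ', ')"
}
```

Running this on a schedule (or as a check in your change process) turns the "oops" in the post into a finding you see first.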