vexim / vexim2

Virtual Exim 2

Domain admin can disable own account #260

Open kingfisher63 opened 5 years ago

kingfisher63 commented 5 years ago

A domain admin can lock himself out by disabling his own account. The Site Admin then has to (temporarily) designate another account as the domain admin or re-enable the account using a database management tool like phpMyAdmin.

Suggested behavior: a domain cannot disable his own account.

Since a domain can have multiple administrators, it may be even better to enforce the rule 'a domain must have at least one enabled admin account'.
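
The second suggestion above ('a domain must have at least one enabled admin account'), as an added PHP example that is not vexim2's code or part of the original comment: the disable operation is refused when the target is the domain's last enabled admin, which also covers the self-lockout case. The `users` table layout and the function name `disableAccount` are assumptions, and the sample rows are constructed.

```php
<?php
// Added example, not vexim2 code.
// Assumed table layout: users(user_id, domain_id, admin, enabled).

/** Disable an account unless it is the last enabled admin of its domain. */
function disableAccount(PDO $db, int $targetId): string
{
    $db->beginTransaction();
    try {
        $stmt = $db->prepare('SELECT domain_id, admin, enabled FROM users WHERE user_id = ?');
        $stmt->execute([$targetId]);
        $target = $stmt->fetch(PDO::FETCH_ASSOC);
        $result = 'ok';
        if ($target === false) {
            $result = 'no-such-account';
        } elseif ((int)$target['admin'] === 1 && (int)$target['enabled'] === 1) {
            // On MySQL/InnoDB, append FOR UPDATE to this query so that two
            // admins disabling each other at the same time cannot both pass.
            $stmt = $db->prepare(
                'SELECT COUNT(*) FROM users
                  WHERE domain_id = ? AND admin = 1 AND enabled = 1 AND user_id <> ?'
            );
            $stmt->execute([$target['domain_id'], $targetId]);
            if ((int)$stmt->fetchColumn() === 0) {
                $result = 'refused-last-enabled-admin';
            }
        }
        if ($result === 'ok') {
            $db->prepare('UPDATE users SET enabled = 0 WHERE user_id = ?')->execute([$targetId]);
            $db->commit();
        } else {
            $db->rollBack();
        }
        return $result;
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

// Constructed sample data: domain 1 has admins 10 and 11 plus ordinary user 12.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, domain_id INT, admin INT, enabled INT)');
$db->exec('INSERT INTO users VALUES (10,1,1,1),(11,1,1,1),(12,1,0,1)');
foreach ([12, 10, 11, 99] as $id) {
    echo $id, ': ', disableAccount($db, $id), PHP_EOL;
}
```

Enforcing the rule inside the function that performs the update, rather than only hiding the control in the admin form, means a crafted POST request cannot bypass it.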

rimas-kudelis commented 5 years ago

Nice finding, thanks!