Penetration testing and auditing of Active Directory are crucial practices. Neglecting the security of your AD essentially amounts to handing attackers the keys to your kingdom on a silver platter.
All it takes is for one user to open the wrong email attachment, and attackers can gain entry. Now, the responsibility falls on you: Is your network secure enough to prevent an attacker from taking control?
Do you even know all the services that are accessible from the internet? Are there vulnerabilities an attacker could exploit to get into your network?