Enforcing Least-Privilege document was accidentally removed.
Here it is: https://www.slideshare.net/HuyKha2/iam-policy-ad
Active Directory Security Testing Guide - v2.0
ADSTG v2.0 has been released with more in-depth details and the list of exposures has been improved as well, but it still remains as basic for organizations that aren't much mature yet.
ADSTG is more focused on getting the basic done, such as deny workstation-to-workstation communication, deploying Microsoft LAPS, reducing the amounts of Local/Domain/Enterprise Admins, etc.