mm, it seems the admin user repository doesn't need to be included in any service but can be used nonetheless.
Perhaps this is a security measure to not lock oneselves out completely?
I've also noticed my successfull admin user repository logons do not get logged in the access tracker regardless of using the admin user rep in a service or not. Even if I use a service with both AD and admin user rep as sources failures against both only show the AD failure.
Is this intended behaviour?