• I've seen a lot of places use Active Directory Groups to control access to SQL Server, with a group for the DBA team which has been granted sysadmin.

    One thing to watch out for here is who can control membership of the group. I've seen non-DBAs "temporarily" added for "testing" purposes.

    If you are worried about this, it is worth using xp_logininfo from time to time to monitor who is in your DBA AD group. I once knew a suspicious DBA who automated a process to run this every few minutes and email an alert to him if group membership changed.
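
The periodic check described above, written as a T-SQL job step; this is an added example, not part of the original comment. The group name, baseline table, Database Mail profile and recipient are placeholders, and `STRING_AGG` assumes SQL Server 2017 or later.

```sql
-- Added example. Placeholders: CONTOSO\SQL-DBAs, dbo.DBA_GroupBaseline,
-- the 'DBA Mail' profile and the recipient address. Create the table in a
-- utility database and schedule the second batch as a SQL Agent job step.
IF OBJECT_ID(N'dbo.DBA_GroupBaseline', N'U') IS NULL
    CREATE TABLE dbo.DBA_GroupBaseline (
        account_name sysname      NOT NULL PRIMARY KEY,
        recorded_at  datetime2(0) NOT NULL DEFAULT SYSUTCDATETIME()
    );
GO

DECLARE @group sysname = N'CONTOSO\SQL-DBAs';

-- Column layout matches the result set of xp_logininfo.
CREATE TABLE #current (
    account_name      sysname NULL,
    type              char(8) NULL,
    privilege         char(9) NULL,
    mapped_login_name sysname NULL,
    permission_path   sysname NULL
);

-- 'members' lists the next-level members only; a nested group shows up as
-- a row of type 'group' and is not expanded.
INSERT INTO #current
EXEC master.dbo.xp_logininfo @acctname = @group, @option = 'members';

DECLARE @added nvarchar(max), @removed nvarchar(max), @body nvarchar(max);

SELECT @added = STRING_AGG(CONVERT(nvarchar(max), c.account_name), N', ')
FROM #current AS c
WHERE NOT EXISTS (SELECT 1 FROM dbo.DBA_GroupBaseline AS b
                  WHERE b.account_name = c.account_name);

SELECT @removed = STRING_AGG(CONVERT(nvarchar(max), b.account_name), N', ')
FROM dbo.DBA_GroupBaseline AS b
WHERE NOT EXISTS (SELECT 1 FROM #current AS c
                  WHERE c.account_name = b.account_name);

IF NOT EXISTS (SELECT 1 FROM dbo.DBA_GroupBaseline)
    -- First run: record the current membership instead of alerting on it.
    INSERT INTO dbo.DBA_GroupBaseline (account_name)
    SELECT account_name FROM #current WHERE account_name IS NOT NULL;
ELSE IF @added IS NOT NULL OR @removed IS NOT NULL
BEGIN
    SET @body = CONCAT(N'Group: ', @group, NCHAR(13), NCHAR(10),
                       N'Added: ',   ISNULL(@added,   N'(none)'), NCHAR(13), NCHAR(10),
                       N'Removed: ', ISNULL(@removed, N'(none)'));
    EXEC msdb.dbo.sp_send_dbmail @profile_name = N'DBA Mail',
         @recipients = N'dba-oncall@example.com',
         @subject = N'DBA AD group membership changed', @body = @body;
END

DROP TABLE #current;
```

The baseline is deliberately not updated when a change is detected, so the alert repeats on every run until someone reviews the change and edits `dbo.DBA_GroupBaseline` by hand.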