Identifying domain admins from outside the domain?

We are having a problem on our WAN which is mystifying me.

Domain A (corporate headquarters) and Domain B (shop) are tied together
by a WAN, but the domains are not trusting each other.  Occasionally a
trojan will infect a machine on Domain B which locks out all of the
accounts on Domain A that have domain admin rights, but none others.

We're going through the requisite security steps to make sure that this
doesn't happen again.

But my question is more specific:  How can a machine on Domain B know
which accounts on domain A are domain administrators?  No one has ever
logged on, mapped a drive, or done anything on the Domain B machines
which would give the trojan a clue as to which accounts to try.

Are Microsoft domains really so insecure that it's possible to not only
tell what accounts are domain admins, but what their specific names



Re: Identifying domain admins from outside the domain?

Any chance that you forgot to rename the administrator account?

Any chance that you have two accounts with the same user/password?

Any chance that you didn't patch the servers on both ends?

If you were to browse the network to the other server, can you reach
its shares? Can you open them? So can a virus.

remove 999 in order to email me

Re: Identifying domain admins from outside the domain?

We did not rename the domain administrator account on domain A.  But
it's locking out other accounts whose names it cannot guess.

We don't have two accounts with the same user/password.

You can't browse one domain from the other at all.

It just seems to be guessing, for example, that the DomainA/ITperson
account is a domain administrator, and then trying that account and
locking it out.
