cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Queried Domain Admins

charles burch
Copper Contributor

‎Sep 17 2018 12:36 PM - last edited on ‎Nov 30 2021 10:07 AM by

‎Sep 17 2018 12:36 PM - last edited on ‎Nov 30 2021 10:07 AM by

Queried Domain Admins

I was looking at a computer and on the logs, it shows a name of a person who is not a Domain Admin but has queried Domain Admins Queried next to his name.

 

What does this mean?

Preview file
113 KB
1,868 Views
0 Likes
2 Replies
Reply
2 Replies
Nicholas DiCola (SECURITY JEDI)

‎Sep 18 2018 10:51 AM

‎Sep 18 2018 10:51 AM

Re: Queried Domain Admins

Hi

It means a process running as the user ran a query against the domain admins group to enumerate the members of this group.  Some apps do this.  Is this something you would expect apps on your network to do?  if so, its likely normal.  if not its worth looking in to.

0 Likes
Reply
charles burch

‎Sep 18 2018 11:23 AM

‎Sep 18 2018 11:23 AM

Re: Queried Domain Admins

Nicholas,

  Thank you for the replay.  This is not normal on our network.  What type of steps could you recommend to help look into this?

0 Likes
Reply