post #1 of 1
Thread Starter 
Hey all,

I know the title doesn't say much, basically we have an issue where a sister company who does some support is adding themselves to the domain admin group.

Now this is the problem, they have 2 domain controllers in the domain so that they can add users to groups and set up security and distribution groups. They are logging onto the domain controller using the local admin username and password and then adding themselves,

Anyone got any idea how to stop this, apart from the quest AD tools which we have in a project phase atm.