Can the 'net user' command be used to find the admin account names on a network?

The net user command can be used to dump a list of account names. An authenticated user can list the local accounts by entering "net user" at the command prompt. Entering "net user /domain" will list the active accounts in the domain that the user is a member of, but this list does not expose group membership. If you have renamed the administrator account, you cannot tell from this output who is an administrator and who is not.

You could, armed with resource kit tools or third-party tools, discover this information. However, there are other sources of account lists, including the list exposed when assigning or viewing permissions on files. This capability will expose not only the user names, but information about existing groups and any comments in the comment field of the group. This information leakage is more contained in Windows Server 2003.

Download this free guide

72-Page PDF: Windows 10 Frequently Asked Questions

In this comprehensive guide, our experts answer the most frequently asked Windows 10 questions ranging from the OS itself, to migration, to user-adoption, and everything in between.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

There are many sources of information about your network that are available to authorized users of your network -- this is what can make them infinitely more dangerous than someone from the outside.

Member feedback: The command net group /"domain admins" /domain will list the members of the domain admins group. No third-party tools are needed.

Roberta Bragg's response: The question asked what the net user command would show and is therefore answered correctly. The net user command does not expose who the administrators are. However, as is correctly pointed out, the net group command, like other native, freely available and third-party tools, will expose the list of domain administrators.