
Can the 'net user' command be used to find the admin account names on a network?

Couldn't the "net user" command be used by a regular user in the network to find out the names of the administrator accounts on the network?
The net user command can be used to dump a list of account names. An authenticated user can list the local accounts by entering "net user" at the command prompt. Entering "net user /domain" will list the active accounts in the domain that the user is a member of, but this list does not expose group membership. If you have renamed the administrator account, you cannot tell from this output who is an administrator and who is not.

You could, armed with resource kit tools or third-party tools, discover this information. However, there are other sources of account lists, including the list exposed when assigning or viewing permissions on files. This capability will expose not only the user names, but information about existing groups and any comments in the comment field of the group. This information leakage is more contained in Windows Server 2003.

There are many sources of information about your network that are available to authorized users of your network -- this is what can make them infinitely more dangerous than someone from the outside.

Member feedback: The command net group "domain admins" /domain will list the members of the domain admins group. No third-party tools are needed.

Roberta Bragg's response: The question asked what the net user command would show and is therefore answered correctly. The net user command does not expose who the administrators are. However, as is correctly pointed out, the net group command, like other native, freely available and third-party tools, will expose the list of domain administrators.
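For defenders, the commands discussed in this exchange can be spotted in process-creation logs (for example Windows Security event 4688 with command-line auditing enabled, or Sysmon event 1). The following is an added example, not part of the original Q&A: it classifies logged command lines as account-list or group-membership enumeration, and also matches net1.exe, which net.exe hands off to. The sample events, the function names and the set of groups treated as privileged are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample process-creation records: (user, command line).
SAMPLE_EVENTS = [
    ("alice", "net user"),
    ("alice", "net user /domain"),
    ("bob", r'C:\Windows\System32\net1.exe group "Domain Admins" /domain'),
    ("carol", r"net use \\fs01\share"),
    ("dave", 'net group "Domain Admins" jdoe /add /domain'),
    ("erin", "ipconfig /all"),
]

# Assumption: groups worth alerting on; extend for your own domain.
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins"}
NET_BINARY = re.compile(r"(?:^|[\\/])net1?(?:\.exe)?$", re.IGNORECASE)
CHANGE_SWITCHES = {"/add", "/delete"}  # membership changes, not enumeration


def classify(command_line):
    """Describe a net user / net group enumeration, or return None."""
    try:
        tokens = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quotes in the logged command line
        tokens = command_line.split()
    tokens = [t.strip('"') for t in tokens]
    if len(tokens) < 2 or not NET_BINARY.search(tokens[0]):
        return None
    verb = tokens[1].lower()
    switches = {t.lower() for t in tokens[2:] if t.startswith("/")}
    names = [t.lower() for t in tokens[2:] if not t.startswith("/")]
    if verb not in ("user", "group") or switches & CHANGE_SWITCHES:
        return None
    scope = "domain" if "/domain" in switches else "local"
    if verb == "user" and not names:
        return {"kind": "account_list", "scope": scope, "privileged": False}
    if verb == "group" and len(names) <= 1:
        group = names[0] if names else None
        kind = "group_members" if group else "group_list"
        return {"kind": kind, "scope": scope, "group": group,
                "privileged": group in PRIVILEGED_GROUPS}
    return None


def detect(events):
    """Return (user, finding) pairs for every enumeration command seen."""
    hits = [(user, classify(cmd)) for user, cmd in events]
    return [(user, finding) for user, finding in hits if finding]
```

Calling detect(SAMPLE_EVENTS) returns three findings: two account listings by alice and one privileged group-membership query by bob. Because these commands are also routine administrative activity, the findings are better used for baselining per user than as standalone alerts.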
