If he had AD admin access you'd better lock all accounts, and change the KRBTGT password at least twice. He could easily have dumped the entire user database and have access to every single account.
Not a member of The Register?
Create a new account
Remember me on this computer?
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Biting the hand that feeds IT © 1998–2019