Re: AD...
"He could easily have dumped the entire user database and have access to every single account."
right, and STILL have low-level access via some obscure user account, which [with the right tools] can get you admin access, depending on installed patches and running software, or a carefully installed back door (that would do it for sure). He ALREADY added a secret login with admin privs, so why wouldn't he put in a back door (or two) as well? [this is a good reason for "get new computer, re-build from scratch" to fix this]
To add back doors, you could re-compile system stuff from modified source, or install your own dummy applications that run the real ones, or tack on 'virus-like' extensions to various programs that run in the context of 'root' or 'system' or 'administrator' and/or just install something that LOOKS like it belongs there, even signing it with your own certs [when needed] that you install [easy to do] when THAT kind of thing is necessary, yotta yotta yotta. Nothing new under the sun. These things are _EASY_ to do... which is why senior admins and/or managers need to watch out for that kind of crap.
(but a lazy crooked sysadmin would probably install some "toolz" purchased off the darknet)
Biting the hand that feeds IT
