With the Symantec Threat Defense for Active Directory (TDAD) policy applied, a very large increase in the number of accounts with admin access is seen when running this command:
The number of admin accounts returned when the mask is applied is much larger than the default 6X obfuscation factor value.
The adminCount value was incorrectly set to 1 for all fake users.
This issue is fixed in Symantec Endpoint Protection (SEP) 188.8.131.52 (RU5).
For information on how to obtain the latest build of SEP, see Download Symantec software, tools, and patches.
This issue is fixed in Symantec Endpoint Security (SES) 184.108.40.206 (RU5).
For information on how to upgrade the SES agent, see Upgrading Windows client software automatically.