Found domain users group in ADUC Administrators group
Should I just remove them? What are the repercussions? I found this while cleaning up AD.
Thanks
Active Directory
Last Comment
king daddy
8/22/2022 - Mon
Jeff Glover
Which Administrators group? The one in the Builtin container or another? The built-in Administrators group is AD's equivalent of a local administrator on a computer. It gives you way too much control over a DC and AD, but it does not affect workstations or member computers. If someone added Domain Users into that group, that would give me the willies. The short answer to this is YES, remove them. There is no reason that group should be in ANY domain-wide Administrators group. There are some networks where you use Group Policy to add the Domain Users group into the local Administrators group on workstations, but to me, even that is not a great idea.
What this sounds like to me is that someone tried to do this with Group Policy Restricted Groups and failed. Perhaps they did it in the Default Domain Policy or the Default Domain Controllers Policy, thinking it would not affect DCs and AD. I would check that also. I know this will happen if you do it that way. The only things that should be in the Administrators group are the Administrator account (the built-in Administrator account in AD) and Domain Admins.
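The two checks Jeff describes, audit who is actually in the domain's BUILTIN\Administrators and find the GPO whose Restricted Groups setting is pushing Domain Users into it, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory and GroupPolicy RSAT modules are installed and that you run it as an account allowed to read GPO reports; the XPath used to pull Restricted Groups out of the GPO XML report follows the GroupPolicy Settings/Security report schema and should be treated as an assumption to verify against one of your own reports if it returns nothing.

```powershell
# Added example, not from the original post. Requires RSAT: ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainSid      = (Get-ADDomain).DomainSID.Value
$domainUsersSid = "$domainSid-513"                      # well-known RID 513 = Domain Users
$expectedSids   = @("$domainSid-512", "$domainSid-500") # 512 = Domain Admins, 500 = built-in Administrator

function Get-AdminGroupReport {
    # On a domain controller, "Administrators" is the domain's own BUILTIN\Administrators
    # group, SID S-1-5-32-544. Flag Domain Users, accept the two default members,
    # and mark anything else (such as an OU-specific admin group) for review.
    Get-ADGroupMember -Identity 'S-1-5-32-544' | ForEach-Object {
        $verdict = switch ($_.SID.Value) {
            $domainUsersSid                { 'REMOVE - every domain user can administer the DCs' }
            { $expectedSids -contains $_ } { 'expected default member' }
            default                        { 'review - not a default member' }
        }
        [pscustomobject]@{ Member = $_.SamAccountName; Class = $_.objectClass; Verdict = $verdict }
    }
}

function Find-RestrictedGroupsGpo {
    # Walk every GPO's XML report and return Restricted Groups entries whose "Members of this
    # group" list names Domain Users. Element names are from the Settings/Security report schema
    # (assumption: check against a report from your own domain if this comes back empty).
    $ns = @{ s = 'http://www.microsoft.com/GroupPolicy/Settings/Security' }
    foreach ($gpo in Get-GPO -All) {
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
        foreach ($hit in (Select-Xml -Xml $report -Namespace $ns -XPath '//s:RestrictedGroups')) {
            $rg      = $hit.Node
            $target  = (Select-Xml -Xml $rg -Namespace $ns -XPath 's:GroupName/s:Name').Node.InnerText
            $members = Select-Xml -Xml $rg -Namespace $ns -XPath 's:Member/s:Name' |
                       ForEach-Object { $_.Node.InnerText }
            if ($members -match 'Domain Users') {
                [pscustomobject]@{
                    GPO     = $gpo.DisplayName
                    Target  = $target
                    Members = ($members -join ', ')
                    Links   = ((Get-GPO -Guid $gpo.Id | Get-GPOReport -ReportType Xml) -match 'LinksTo')
                }
            }
        }
    }
}

Get-AdminGroupReport      | Format-Table -AutoSize
Find-RestrictedGroupsGpo  | Format-Table -AutoSize
```

Two caveats worth knowing before you click Remove. First, the Restricted Groups "Members of this group" setting is authoritative: at the next Group Policy refresh it rewrites the membership to exactly what the GPO lists, so a manual removal in ADUC will be undone until the offending GPO is fixed or unlinked. Second, a GPO linked at the domain root applies to the Domain Controllers OU as well, and on a DC "Administrators" is the domain group this thread is about; the fix is to link the policy only to the workstation OUs it was meant for (or to scope it with security filtering), not to leave it at the domain level.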
king daddy
ASKER
Thanks for the reply, Jeff. The Builtin\Administrators group has Domain Admins and Domain Users. It also has a local admin group from one of our OUs. I bet you are right in regard to Group Policy. A sysadmin was trying to add Domain Users to the local Administrators group on their workstations through GP. I will check that.
I am going to remove Domain Users.
Thanks again.
king daddy
ASKER
So I removed Domain Users, and now we have users telling us they are not able to delete files on their computers or install programs.
Perfect, thanks again, Jeff. It's been a while since I have configured GPOs, but I have been cleaning up AD here and have created OUs that I can use for GPs as you suggested.
Jeff Glover
It can be a challenge cleaning up after someone else.