server-manager.PNG

<div>
to add always good to take a look and reference to MS Best Practices for Securing Active Directory. Here is one for Windows 2008 AD. In fact, Microsoft Windows defaults and baseline recommendations were taken from the SCM and the latter can also be used to create initial baselines for your administrative hosts. <a href="http://blogs.microsoft.com/cybertrust/2013/06/03/microsoft-releases-new-mitigation-guidance-for-active-directory/" rel="ugc">http://blogs.microsoft.com/cybertrust/2013/06/03/microsoft-releases-new-mitigation-guidance-for-active-directory/</a>
</div>


<div>
in fact, I also suggest for best practices aspect, to make sure the configuration and any conflict are flagged as well. Kinda of self checks on the baseline config is running fine without error to start off with. See the belwo suggested checks and also in particular, on the use of Active Directory Health Check Script<br />
- Dcdiag.exe: Verification of successful domain controller deployment<br />
- Repadmin /replsummary – Will show you an overview of any failures, and for which DC(s).<br />
- Repadmin /showrepl – This will let you know if the last replication attempts where successful<br />
<a href="http://www.cosonok.com/2012/08/how-to-do-active-directory-health-check.html" rel="ugc">http://www.cosonok.com/2012/08/how-to-do-active-directory-health-check.html</a><br />
<a href="https://blog.thesysadmins.co.uk/active-directory-healthcheck-script.html" rel="ugc">https://blog.thesysadmins.co.uk/active-directory-healthcheck-script.html</a>
</div>


<div>
<div class="content wysiwyg-content">
are there any free tools that can audit the configuration of your active directory and domain controllers against best practices and provide a report of any non compliance issues? I appreciate a domain controller needs all the same security hardening that a member server does, but I was more after a tool to look at AD specific configs/best practices and how our setup meets the suggested best practices.
</div>
</div>


are there any free tools that can audit the configuration of your active directory and domain controllers against best practices and provide a report of any non compliance issues? I appreciate a domain controller needs all the same security hardening that a member server does, but I was more after a tool to look at AD specific configs/best practices and how our setup meets the suggested best practices.

AD security scans

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.