
AD security scans

Last Modified: 2016-02-15
Are there any free tools that can audit the configuration of your Active Directory and domain controllers against best practices and provide a report of any non-compliance issues? I appreciate a domain controller needs all the same security hardening that a member server does, but I was more after a tool to look at AD-specific configs/best practices and how our setup meets the suggested best practices.
btan, Exec Consultant
Commented:
To add, it is always good to take a look at and reference the MS Best Practices for Securing Active Directory. Here is one for Windows 2008 AD. In fact, Microsoft Windows defaults and baseline recommendations were taken from the SCM, and the latter can also be used to create initial baselines for your administrative hosts. http://blogs.microsoft.com/cybertrust/2013/06/03/microsoft-releases-new-mitigation-guidance-for-active-directory/
btan, Exec Consultant
Commented:
In fact, I also suggest, for the best-practices aspect, making sure the configuration and any conflicts are flagged as well. Kind of a self-check that the baseline config is running fine without error to start off with. See the below suggested checks, and in particular the use of the Active Directory Health Check Script:
- Dcdiag.exe: Verification of successful domain controller deployment
- Repadmin /replsummary – Will show you an overview of any failures, and for which DC(s).
- Repadmin /showrepl – This will let you know if the last replication attempts were successful
http://www.cosonok.com/2012/08/how-to-do-active-directory-health-check.html
https://blog.thesysadmins.co.uk/active-directory-healthcheck-script.html
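
The three checks listed in the comment above, combined into one pass that collects findings into a report. This is an added example, not part of the original post or of the linked scripts. It assumes a domain-joined host with the AD DS tools (dcdiag.exe, repadmin.exe) installed; the report path is a hypothetical placeholder.

```powershell
# Added example: AD health self-check built from dcdiag and repadmin.
# Assumption: run with rights to query every DC; report path is a placeholder.
$report   = Join-Path $env:TEMP 'ad-healthcheck.txt'
$findings = @()

# 1. dcdiag /q prints only error messages, so every non-blank line is a finding.
#    /e extends the tests to all domain controllers in the enterprise.
foreach ($line in (& dcdiag.exe /e /q 2>&1)) {
    $text = "$line".Trim()
    if ($text) { $findings += "dcdiag: $text" }
}

# 2. repadmin /showrepl * /csv emits one row per inbound replication link.
#    The first column is 'showrepl_INFO' for normal rows; anything else means
#    repadmin could not query that DC. 'Number of Failures' > 0 is a broken link.
$links = & repadmin.exe /showrepl * /csv | ConvertFrom-Csv
foreach ($l in $links) {
    if ($l.showrepl_COLUMNS -ne 'showrepl_INFO') {
        $findings += "showrepl: could not query $($l.'Destination DSA')"
        continue
    }
    $failures = $l.'Number of Failures' -as [int]   # $null if not numeric
    if ($failures -gt 0) {
        $findings += ("showrepl: {0} <- {1} [{2}] failures={3} status={4} lastSuccess={5}" -f
            $l.'Destination DSA', $l.'Source DSA', $l.'Naming Context',
            $failures, $l.'Last Failure Status', $l.'Last Success Time')
    }
}

# 3. repadmin /replsummary gives the per-DC overview; keep it verbatim as context.
$summary = & repadmin.exe /replsummary 2>&1

# Write the report: findings first, then the raw summary for the reviewer.
@(
    "AD health check $(Get-Date -Format s)"
    "Findings: $($findings.Count)"
    $findings
    ''
    '--- repadmin /replsummary ---'
    $summary
) | Set-Content -Path $report -Encoding UTF8

Write-Host "Report written to $report ($($findings.Count) finding(s))"
if ($findings.Count -gt 0) { exit 1 }   # non-zero exit lets a scheduled task alert
```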