Pau Lo asked on

AD security scans

Are there any free tools that can audit the configuration of your Active Directory and domain controllers against best practices and provide a report of any non-compliance issues? I appreciate a domain controller needs all the same security hardening that a member server does, but I was more after a tool to look at AD-specific configs/best practices and how our setup meets the suggested best practices.
Active Directory, Windows OS, OS Security, Security

Last Comment
btan

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Matt Minor

SOLUTION
btan

SOLUTION
btan

To add, it is always good to take a look at and refer to the MS Best Practices for Securing Active Directory. Here is one for Windows 2008 AD. In fact, Microsoft Windows defaults and baseline recommendations were taken from the SCM, and the latter can also be used to create initial baselines for your administrative hosts.
http://blogs.microsoft.com/cybertrust/2013/06/03/microsoft-releases-new-mitigation-guidance-for-active-directory/
SOLUTION
btan

In fact, I also suggest, for the best practices aspect, making sure the configuration and any conflicts are flagged as well. Kind of a self-check that the baseline config is running fine without error to start off with. See the below suggested checks and also, in particular, the use of the Active Directory Health Check Script:
- Dcdiag.exe: Verification of successful domain controller deployment
- Repadmin /replsummary – Will show you an overview of any failures, and for which DC(s).
- Repadmin /showrepl – This will let you know if the last replication attempts were successful
http://www.cosonok.com/2012/08/how-to-do-active-directory-health-check.html
https://blog.thesysadmins.co.uk/active-directory-healthcheck-script.html
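
One way to turn the Repadmin /showrepl check listed above into a repeatable pass/fail report, as an added PowerShell example that is not part of the thread or the linked scripts: it parses `repadmin /showrepl * /csv` and flags replication links that are failing or have not succeeded within a threshold. The sample rows, all names in them, the `Get-ReplicationFinding` function and the 24-hour threshold are constructed for illustration.

```powershell
# Added example (not from the thread). Use -Live on a host that has repadmin.
param([switch]$Live, [int]$MaxAgeHours = 24)

# Constructed sample in the column layout of 'repadmin /showrepl * /csv';
# site, DC and domain names are placeholders.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC01,"DC=example,DC=test",SiteA,DC02,RPC,0,0,2022-08-22 09:14:03,0
showrepl_INFO,SiteA,DC02,"DC=example,DC=test",SiteB,DC03,RPC,7,2022-08-22 08:55:41,2022-08-21 23:10:12,1722
showrepl_INFO,SiteB,DC03,"DC=example,DC=test",SiteA,DC01,RPC,0,0,2022-08-19 02:00:00,0
'@ -split "\r?\n"

function New-Finding([string]$Link, [string]$Issue, [string]$Detail) {
    [pscustomobject]@{ Link = $Link; Issue = $Issue; Detail = $Detail }
}

function Get-ReplicationFinding {
    param([string[]]$CsvLines, [int]$MaxAgeHours, [datetime]$Now)
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Assumption: a row not tagged showrepl_INFO means repadmin could
            # not report on that DC, so surface the raw row for follow-up.
            New-Finding '(unknown)' 'not queried' ($row.PSObject.Properties.Value -join ' ')
            continue
        }
        $link = '{0} <- {1} [{2}]' -f $row.'Destination DSA', $row.'Source DSA', $row.'Naming Context'
        $failures = [int]$row.'Number of Failures'
        $lastOk = [datetime]::MinValue
        $hasOk = [datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)
        if ($failures -gt 0) {
            New-Finding $link 'failing' "$failures failures, last status $($row.'Last Failure Status')"
        }
        elseif (-not $hasOk -or ($Now - $lastOk).TotalHours -gt $MaxAgeHours) {
            # No failure counted, but nothing has replicated recently either.
            New-Finding $link 'stale' "last success: $($row.'Last Success Time')"
        }
    }
}

$lines = if ($Live) { repadmin /showrepl * /csv } else { $sample }
# A fixed clock keeps the constructed sample's result stable.
$now = if ($Live) { Get-Date } else { [datetime]'2022-08-22 10:00:00' }
$findings = @(Get-ReplicationFinding -CsvLines $lines -MaxAgeHours $MaxAgeHours -Now $now)
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) { exit 1 }   # non-zero exit for scheduled tasks
```

Against the constructed sample this reports the DC02 link as failing and the DC03 link as stale; the DC01 link is healthy and is not listed.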