Pau Lo
asked on
AD security scans
Are there any free tools that can audit the configuration of your Active Directory and domain controllers against best practices and provide a report of any non-compliance issues? I appreciate a domain controller needs all the same security hardening that a member server does, but I was more after a tool to look at AD-specific configs/best practices and how our setup meets the suggested best practices.
To add, it is always good to take a look at and reference the MS Best Practices for Securing Active Directory. Here is one for Windows 2008 AD. In fact, Microsoft Windows defaults and baseline recommendations were taken from the SCM, and the latter can also be used to create initial baselines for your administrative hosts. http://blogs.microsoft.com/cybertrust/2013/06/03/microsoft-releases-new-mitigation-guidance-for-active-directory/
In fact, I also suggest, for the best-practices aspect, making sure the configuration and any conflicts are flagged as well. Kind of self-checks that the baseline config is running fine without error to start off with. See the suggested checks below, and in particular the use of the Active Directory Health Check Script.
- Dcdiag.exe: Verification of successful domain controller deployment
- Repadmin /replsummary – Will show you an overview of any failures, and for which DC(s).
- Repadmin /showrepl – This will let you know if the last replication attempts were successful
http://www.cosonok.com/2012/08/how-to-do-active-directory-health-check.html
https://blog.thesysadmins.co.uk/active-directory-healthcheck-script.html
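An added example, not part of the original thread or of the linked health check scripts: PowerShell that reduces the output of the Dcdiag and Repadmin checks listed above to a list of failures. The `/csv` switch on `repadmin /showrepl`, the function names, and the sample output (constructed, English-locale format, hypothetical DC names) are assumptions of this example.

```powershell
# Constructed sample output so the example runs offline.
# On a domain controller, use live output instead:
#   $dcdiagText = dcdiag.exe
#   $replCsv    = repadmin.exe /showrepl * /csv
$dcdiagText = @(
    '      Starting test: Replications'
    '         ......................... DC02 failed test Replications'
    '      Starting test: Services'
    '         ......................... DC02 passed test Services'
)
$replCsv = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,Site-A,DC01,"DC=example,DC=test",Site-A,DC02,RPC,0,0,2024-01-10 09:15:02,0'
    'showrepl_INFO,Site-A,DC02,"DC=example,DC=test",Site-A,DC01,RPC,7,2024-01-10 09:20:11,2024-01-09 22:01:45,1722'
)

function Get-DcdiagFailure {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # dcdiag closes each test with "<target> passed|failed test <name>"
        if ($line -match '\.+\s+(?<Target>\S+)\s+failed test\s+(?<Test>\S+)') {
            [pscustomobject]@{
                Source = 'dcdiag'
                Target = $Matches.Target
                Detail = "failed test $($Matches.Test)"
            }
        }
    }
}

function Get-ReplicationFailure {
    param([string[]]$Csv)
    # Keep only data rows whose failure counter is non-zero
    $Csv | ConvertFrom-Csv |
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' -and [int]$_.'Number of Failures' -gt 0 } |
        ForEach-Object {
            [pscustomobject]@{
                Source = 'repadmin'
                Target = $_.'Destination DSA'
                Detail = '{0} failures pulling {1} from {2}, last status {3}' -f `
                    $_.'Number of Failures', $_.'Naming Context', $_.'Source DSA', $_.'Last Failure Status'
            }
        }
}

$findings = @(Get-DcdiagFailure -Lines $dcdiagText) + @(Get-ReplicationFailure -Csv $replCsv)
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) { Write-Warning "$($findings.Count) AD health check failure(s) found" }
```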