Active Directory Security dot com

Complete Coverage of Delegation, Security Audit & Compliance Reporting in Active Directory

Brought to you by former Microsoft Program Manager for Active Directory Security




What to Audit in Active Directory




Active Directory is the focal point of IT security audit and regulatory compliance reporting in a Microsoft Windows Server-based IT infrastructure.

IT Managers and IT admins are often tasked with auditing Active Directory to fulfil internal security audit and external regulatory compliance requirements.

This section helps IT managers and IT admins understand what IT resources (and what security aspects thereof) in the Active Directory should be included in audits.

Resources covered in this section include –




What to Include in an Active Directory Audit   –


Resources to include in an audit / Aspects of each resource to include in the audit

1. Domain User Accounts

Domain user accounts need to be audited because they are used to authenticate users and provide authorized access to organizational IT resources.

  • User Account Status
    (e.g. Disabled, Expired, Locked)
  • User Account Activity
    (e.g. Active, Inactive, Last Logon)
  • User Account Security
    (e.g. Password Required, Expires)
  • User Account Administration
    (Who can manage accounts?)

2. Domain-joined Computers (Accounts)

Domain-joined computers (i.e. their accounts) need to be audited because they are in fact Kerberos security principals that play an essential role in providing end-users secure access to network resources and in providing secure distributed access to resources stored on them.

  • Computer Account Status
    (e.g. Enabled, Disabled, Locked)
  • Computer Account Activity
    (e.g. Active, Inactive, Last Logon)
  • Computer Account Security
    (e.g. Trusted for Delegation)
  • Computer Account Administration
    (Who can manage accounts?)

3. Domain Security Groups

Domain security groups need to be audited because they are used to aggregate users for the purpose of provisioning (enabling) authorized access to organizational IT resources.

  • Security Group Status
    (e.g. Type, Scope)
  • Security Group Membership
    (e.g. Members, Member Count)
  • Security Group Nesting
    (e.g. Membership in other Groups)
  • Security Group Administration
    (Who can manage groups?)

4. Organizational Units & Containers

Organizational units and containers need to be audited because they are used to store and protect IT resources residing in the Active Directory.

  • OU & Container Status
    (e.g. Created On, Linked GPOs)
  • OU & Container Contents
    (e.g. Object count)
  • OU & Container Administration
    (Who can manage OUs?)
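
As an added illustration (not code from this site or from any tool it describes), the sketch below shows how the status, activity and security aspects listed for user and computer accounts (items 1 and 2) map onto the `userAccountControl`, `accountExpires`, `lockoutTime` and `lastLogonTimestamp` attributes of each account. The sample entries, the 90-day inactivity threshold and the function names are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits (documented Active Directory flag values)
UAC = {
    "disabled": 0x0002,                 # ACCOUNTDISABLE
    "password_not_required": 0x0020,    # PASSWD_NOTREQD
    "password_never_expires": 0x10000,  # DONT_EXPIRE_PASSWORD
    "trusted_for_delegation": 0x80000,  # TRUSTED_FOR_DELEGATION
}
NEVER = (0, 0x7FFFFFFFFFFFFFFF)  # accountExpires values meaning "never"
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # AD time: 100 ns ticks since 1601

def from_filetime(ticks):
    return EPOCH + timedelta(microseconds=int(ticks) // 10)

def to_filetime(dt):
    return int((dt - EPOCH).total_seconds()) * 10_000_000

def audit(entry, now, inactive_days=90):
    """Return status/activity/security findings for one account entry."""
    uac = int(entry["userAccountControl"])
    findings = [name for name, bit in UAC.items() if uac & bit]
    expires = int(entry.get("accountExpires", 0))
    if expires not in NEVER and from_filetime(expires) <= now:
        findings.append("expired")
    # Non-zero lockoutTime records a lockout; the lockout duration is not evaluated.
    if int(entry.get("lockoutTime", 0)):
        findings.append("lockout_recorded")
    # lastLogonTimestamp replicates lazily, so keep inactive_days well above two weeks.
    last = int(entry.get("lastLogonTimestamp", 0))
    if last == 0:
        findings.append("never_logged_on")
    elif now - from_filetime(last) > timedelta(days=inactive_days):
        findings.append("inactive")
    return findings

NOW = datetime(2011, 6, 1, tzinfo=timezone.utc)  # constructed audit date
ago = lambda days: to_filetime(NOW - timedelta(days=days))
SAMPLE = [  # constructed entries, shaped like an LDAP export of each account
    {"sAMAccountName": "alice", "userAccountControl": 0x200, "lastLogonTimestamp": ago(3)},
    {"sAMAccountName": "bob", "userAccountControl": 0x10202, "lastLogonTimestamp": ago(200)},
    {"sAMAccountName": "temp1", "userAccountControl": 0x220, "accountExpires": ago(10)},
    {"sAMAccountName": "SRV01$", "userAccountControl": 0x81000, "lastLogonTimestamp": ago(1)},
]

def report(entries=SAMPLE, now=NOW):
    return {e["sAMAccountName"]: audit(e, now) for e in entries}

if __name__ == "__main__":
    print(report())
```

The "Who can manage accounts?" aspect is not covered here: it depends on the access control lists protecting each object, not on these attributes.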
Copyright ActiveDirSec.Com 2008 – 2011. All Rights Reserved.