ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: Looking for an Active Directory Risk Assessment Tool


Newbie

Posts: 1
Date: Jan 8, 2013
Looking for an Active Directory Risk Assessment Tool
Permalink  
 


Hi Everyone,

We are looking for an Active Directory Risk Assessment Tool to perform a risk assessment of one of our Active Directory domains deployed in the DMZ. We've looked around a bit but haven't found any Active Directory Risk Assessment Tool per se.

We have a decent idea of what to cover in our Active Directory Risk Assessment (e.g. List of Administrators, Default Administrative Group Memberships, Delegated Administrative Access, Domain Security Policies, Unpatched Domain Controllers etc.) but don't really have a way of getting all this information easily. 

If anyone knows of a tool that could help us perform an Active Directory Risk Assessment, could you please let me know?

Thank you.

Mary Anne.



__________________

I love my Samsung Galaxy S3!



Member

Posts: 8
Date: Feb 12, 2013
RE: Looking for an Active Directory Risk Assessment Tool
Permalink  
 


Hi MaryAnne,

That's a good question. I'm not sure there's a dedicated tool available to perform Active Directory Risk Assessments, but I suppose one could build a toolset consisting of a few tools and use it to perform risk assesments.

For general Active Directory health and replication issues, I have dcdiag, ntdsutilnetdom, and dsacls in my toolset, and they are all helpful. dsquery can also be quite valuable once you know how use it.

We're in the midst of performing Active Directory audits so have been looking to put together a toolset of sorts. The only area where we've found to be challenging is trying to figure out effective delegations in our Active Directory (i.e. who has what effective administrative access in our AD).

We'll continue to look. If you know of a tool that could help us identify our delegations in AD, could you please let me know. Likewise, if I find out of an efficient way to do so, I'll be happy to let you know.

Good luck to you.

Richard.



__________________

I would trade all my technology for an afternoon with Socrates - Steve Jobs



Member

Posts: 5
Date: Feb 28, 2013
Looking for an Active Directory Risk Assessment Tool
Permalink  
 


Hi MaryAnne,

We perform Active Directory Security Audits for many organizations, but we do mostly do so manually, using standard Microsoft tools like dsacls etc. I am not familiar with any special-purpose / dedicated Active Directory Risk Assessment tools.

If our services could be of help to you, please let me know. More info on our services is at - http://www.active-directory-security-audit.com

Good luck to you.

Ryan



__________________

We help organizations with Active Directory Security Audit services.

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me