I always enjoy seeing the different tools used across different IT shops. In fact, one of the most common questions clients ask is what other companies are using to perform various functions in AD. So, today I figured I’d continue on with the Active Directory theme (started by Christian’s post regarding
If you are auditing Active Directory (AD) the most important “big miss” I see from auditors is neglecting some of the less-than-common administrator level accounts within AD.
In general, there are two types of accounts that I focus on when I audit AD.
1. Accounts and groups with explicit Administrator privileges, and
2. Accounts and groups with inherited Administrative privileges.