Fundamentally, Active Directory is about user accounts. AD user accounts are the basis for identity and authentication across your on-premises estate but also across your cloud-based environments. After all, even if you are a heavy Microsoft 365 and Azure user, for the far majority of organizations, a corporate identity begins life as an AD user account that is then synchronized by Entra Cloud/Connect Sync up to Entrap (formerly Azure AD) in Microsoft cloud.
Therefore, I would argue that any attempt to assess your AD security should start with user accounts. In future webinars in this series, I’ll cover many other aspects of assessing your AD security, including things like domain controller and other tier 0 systems security. But in this real training for free session, I will help you find risks in your AD user accounts before your internal IT auditors, external accounting firms or red teams do.
Here are some of the areas I’ll help you investigate:
- Dormant user accounts
- User accounts with password risks
- Duplicate accounts
- Non-human account risks
- Accounts being mis-used
- User account control options
- Finding all privileged accounts
- Delegated permission on user accounts
- User accounts of terminated employees
To find all of the risks requires a full understanding of Active Directory and Windows authentication and logon. It’s also important to understand the provisioning process of your organization, any tie-in to HR or ticketing systems as well as identity management systems. Knowledge about your organization’s naming conventions and the use of LDAP fields like job title, department, managers, and employee numbers is also highly useful. You also need security log activity from domain controllers and member computers.
This is a free-standing episode in my new “Assessing the Security of Your Active Directory” real training for free series, in which I share what I’ve learned from my AD audit practice and from teaching public accounting firms and regulatory bodies like the FDIC, how to assess Active Directory security. My goal is to help you identify and fix your risks before auditors, regulators, red teamers or – most importantly – attackers do.
Netwrix is making this real training for free session possible and I’m very excited that Jeff Warren will be joining me. Jeff is truly an expert on AD security and has helped me on some of our most successful webinars in the past. Jeff is now CTO at Netwrix and after our educational session he will briefly show you how Netwrix Auditor for Active Directory helps you automate your ongoing AD security efforts.
Please join us for this real training for free session.