A group of information security professionals that performs Active Directory audits recently noticed that they were repeating the same steps over and over again.
So, the experts decided to write as much of this up as possible in a PowerShell script to make their lives easier. The experts chose PowerShell because they don’t want to drop an exe on a remote box.
This script doesn’t do everything; there’s still stuff to add.
It currently does the following:
- Password Policy Findings
- Looking for accounts that don’t expire
- Looking for inactive/disabled accounts
- Looking for server 2003/XP machines connected to domain
- AD Findings
- Domain Trust Findings
- GPO Findings
- Trying to find SYSVOL XML files containing cpassword
- Trying to save NTDS.dit
The information security experts share the link to the code: github.com/phillips321/adaudit
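As an added illustration of the SYSVOL cpassword check listed above (not code from the adaudit repository), the sketch below walks a folder of Group Policy Preferences XML and reports where a non-empty `cpassword` attribute is stored. The function name `Find-GppCpassword`, the account attribute names it tries, and the sample file are assumptions made for this example.

```powershell
# Added illustration, not adaudit code. Find-GppCpassword and the sample file are hypothetical.
function Find-GppCpassword {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -Filter *.xml -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            $doc  = New-Object System.Xml.XmlDocument
            try { $doc.Load($file) }
            catch { Write-Warning "Skipping unparsable XML: $file"; return }

            # A finding is any element with a non-empty cpassword attribute.
            foreach ($node in $doc.SelectNodes('//*[string-length(@cpassword) > 0]')) {
                # The account attribute differs by preference type; try the common ones.
                $account = 'userName', 'accountName', 'runAs' |
                    ForEach-Object { $node.GetAttribute($_) } |
                    Where-Object { $_ } | Select-Object -First 1
                $parent = $node.ParentNode -as [System.Xml.XmlElement]
                # Report where the value lives, never the value itself.
                [pscustomobject]@{
                    File    = $file
                    Element = $node.LocalName
                    Account = $account
                    Changed = if ($parent) { $parent.GetAttribute('changed') } else { $null }
                }
            }
        }
}

# Constructed sample standing in for a SYSVOL policy folder, so this runs offline.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) ("gpp-sample-" + [guid]::NewGuid())
$prefs  = Join-Path $sample 'Machine\Preferences\Groups'
New-Item -ItemType Directory -Path $prefs -Force | Out-Null
@'
<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="LocalAdmin" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
</Groups>
'@ | Set-Content -Path (Join-Path $prefs 'Groups.xml') -Encoding UTF8

Find-GppCpassword -Path $sample | Format-Table -AutoSize
Remove-Item -Path $sample -Recurse -Force
```

Any row in the output marks a preference item whose stored credential should be removed from the policy and rotated.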
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.