Active Directory Security Assessments

Enhance your cyber resilience with comprehensive Active Directory Security Assessments from Kroll and proactively identify vulnerabilities and security issues before they can be exploited by attackers. Our Active Directory Security Assessment services can be delivered as part of our technical security assessments or as a stand-alone evaluation.

Strengthen the Security of Your Active Directory Infrastructure

As one of the most critical components of your IT infrastructure, safeguarding your Microsoft Active Directory (AD) deployment is essential. With almost all your applications and tools integrated with Active Directory for authentication, directory browsing, and single sign-on, one cyber incident could disrupt your entire organization. 

Kroll’s Active Directory assessments are performed by a team of experts who have spent years perfecting their skills and testing new attack tools and techniques in order to provide unrivaled analysis and support.

Our Active Directory Security Assessments consist of an in-depth review and analysis of your current infrastructure deployment, based on Microsoft and industry best practices.

We use a combination of automated and manual testing methods, supported by a variety of licensed and open-source tools, to identify vulnerabilities that could be exploited by both unauthenticated and authenticated threat actors on your networks.

Our practitioners examine several key areas, including but not limited to:

  • User and computer accounts
  • Domain password policy
  • Trust configuration
  • Administration and privileged accounts
  • Active Directory Certificate Services (AD CS)
  • Kerberos services
  • Kerberos delegation
  • Group Policy security (GPO)
  • Access control lists (ACLs) and access control entries (ACEs)
  • Windows Local Administrator Password Solution (LAPS)

Once they have identified the key issues, our specialists deliver tailored remediation guidance to fully address them.

A Field-Proven AD Assessment Methodology

Key Benefits of Active Directory Assessments from Kroll

As a trusted security partner to leading businesses around the world, we work to a proven and transparent assessment process, minimizing disruption to your organization while delivering the results you need. Our expert team will undertake an in-depth review of the current security status of your organization’s Active Directory deployment. Our assessment methodology is made up of the following three phases:

Phase 1: Preparation

Agree the scope of the assessment with the project coordinator. Access to the environment is agreed (remote or on-site), established and tested before starting the process.

The point of contact and the mode of communication/escalation are agreed.

Phase 2: Active Directory Security Audit Activities 

We review your organization’s existing documentation, discuss key aspects with your employees and run manual and automated reviews of the Active Directory configuration and settings.

Achieving this effectively relies on asking key scoping questions, including: 

  • How many Active Directory forests and domains will be reviewed?
  • How many computer accounts are part of the domains?
  • How many domain controllers are configured per Active Directory domain?
  • How many user accounts are enabled and disabled as part of the domain?
  • How many active trust relationships exist with other domains and/or forests?
  • Describe the network topology (flat, segmented, etc.)

The assessment is executed remotely within the Active Directory environment and covers:

  • Overview of the technical situation.
  • Detection of security issues, current misconfigurations, and bad practices.
  • Identification of critical systems and privileged domain accounts.
  • Identification of hidden Active Directory escalation paths.
  • Identification of the most common and effective attack vectors and how best to detect, mitigate, and prevent them.
  • Identification of unintended relationships within the Active Directory environment
  • Modelling of typical attacker methods and how they apply to the network, identifying the areas of concern and how best to mitigate them.
  • Customization of Active Directory security best practices to align with business process and requirements and minimize impact.
  • Provide advice on which items in the action plan to prioritize.
  • Undertake a group policy security analysis:
    • Review group policy object (GPO) admin rights (i.e., finding edit rights for accounts that are not Active Directory Administrators). 
    • Analyse and compare sets of GPOs for redundant settings and internal inconsistencies.
    • Review GPOs’ documentation.
    • List disabled or unlinked GPOs.
    • Review GPO templates and files for sensitive files (scripts, credentials, etc.).

Phase 3: Reporting

Our expert team delivers a security assessment report outlining the scope of the project, all discovered issues, and key findings and conclusions. We make recommendations including actionable items which enable your organization to mitigate the risks of the identified vulnerabilities, with a plan that allows you to perform tactical remediation to resolve the issues that pose the greatest threat.

Our Active Directory assessment process covers all of the areas shown in the diagram below.

Our Active Directory Assessment Process

Talk to a Kroll Expert

Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page. 
