Question 1

What is an Active Directory security assessment?

Accepted Answer

A comprehensive evaluation examining configuration, administrative practices, privilege structures, group policies, trust relationships, and attack paths against DoD STIG and Microsoft standards. The goal is to identify misconfigurations and create a prioritized remediation plan.

Question 2

How long does the assessment take?

Accepted Answer

Data collection takes 2-5 business days. Report delivery is within one week of completion. Full engagement typically spans 2-3 weeks from scoping through final report. The assessment requires minimal team time and causes zero disruption.

Question 3

Do you need remote access or admin credentials?

Accepted Answer

No. We do not require remote access, VPN credentials, domain admin accounts, or elevated permissions. The entire process uses screen-sharing with your IT team present for full visibility and control.

Question 4

What is the difference between an AD assessment and a penetration test?

Accepted Answer

An assessment evaluates configuration and identifies misconfigurations and attack paths through expert analysis. A penetration test actively exploits weaknesses, simulating escalation from a low-privileged account to Domain Admin. We recommend conducting the assessment first, implementing remediation, then validating with a penetration test.

Question 5

What security standards do you benchmark against?

Accepted Answer

We benchmark against two primary standards: the US Department of Defense Active Directory STIG (published by DISA) and Microsoft's comprehensive Active Directory security documentation.

Question 6

How much does the assessment cost?

Accepted Answer

We use a transparent, fixed-price model calculated on the time required for your specific AD environment, determined during scoping. Smaller, simpler environments cost less than large enterprises with multiple domains. Payment is due only after receiving the report - and only if you're satisfied with the quality.

Question 7

Will the assessment disrupt our operations?

Accepted Answer

No. Our approach is non-intrusive: screen-sharing sessions scheduled at your convenience, no system downtime, no configuration changes, no active exploitation. The only requirement is IT team availability for scheduled sessions.

Question 8

How often should we assess our Active Directory?

Accepted Answer

Minimum annually. AD environments change constantly with new users, systems, Group Policy changes, and employee departures. Semi-annual assessments are recommended for rapidly growing organizations. Immediate reassessment should follow any security incident or major infrastructure change.

Question 9

What happens after report delivery?

Accepted Answer

We conduct a live review session with IT leadership, walking through the Step-by-Step AD Security Plan, explaining priorities, and answering questions. Organizations can implement using internal IT teams. Many clients engage us for ongoing virtual CISO services to oversee implementation.

Question 10

Do you assess Azure Active Directory (Entra ID)?

Accepted Answer

Yes. For hybrid environments, the scope can include Microsoft Entra ID alongside on-premises Active Directory. Hybrid identity creates additional attack surface where cloud and on-premises systems interact. Cloud identity review scope and pricing are determined during scoping.

Question 11

Can the assessment help with compliance audits?

Accepted Answer

Significantly. Active Directory hardening is assessed across SOC 2 (CC6 access control), ISO 27001 (Annex A), NIST 800-53 (AC and IA control families), HIPAA (access management), and CMMC. Organizations addressing our findings typically report cleaner compliance audit outcomes.

Question 12

What is a Domain Admin escalation path?

Accepted Answer

A sequence of steps exploiting Active Directory misconfigurations that allows an attacker with low-privileged access to elevate to Domain Administrator level. At Domain Admin, the attacker controls the entire domain: accessing any system, creating persistent backdoors, extracting credentials, and deploying ransomware. These paths are critical findings because they represent worst-case scenarios - and are preventable.

Active Directory Security Assessment

What is Active Directory Security Assessment?

Who Needs Active Directory Security Assessment?

Ready to get started?

Our Methodology

Discovery

Attack Surface Analysis

Risk Prioritization

Remediation Roadmap

What You Get with Active Directory Security Assessment

Frequently Asked Questions

Book a Free Consultation