Active Directory Audit Work Program
2 Source: www.knowledgeleader.com
ACTIVE DIRECTORY AUDIT WORK PROGRAM: ARCHITECTURE/DESIGN
Planning
Fieldwork
The complete Active Directory (AD) work program covers the following areas:
• User Management/Administration
− General
− User ID Creation
− User ID Maintenance
− User ID Termination
− Access Request Procedures
− Powerful User Rights
• Architecture/Design
− General
− Domain Structure
− Supporting Infrastructure
− Failover/Availability
• Replication
− General
− Database Maintenance
− Replication Management
• Infrastructure
− General
− Platform Configuration
− Platform Security
GENERAL
Table columns: Key Control Question(s); Preferred Controls/Goal State for Production; Owner(s); Intent/Status of Designed Control
DOMAIN STRUCTURE
Key Control Question(s): […] (user groups mainly) are created, modified and deleted (including how and when users are added to groups)?
Preferred Controls/Goal State for Production: […] how Active Directory objects are created, modified and deleted. This should include the change control processes that define the schedule, testing, backup, naming conventions and restoration steps for this change. All objects should be clearly defined and documented with the object name and description on purpose, permission and scope.
Key Control Question(s): Has the forest root been created for top-level administration purposes with minimal user and administrator accounts?
Preferred Controls/Goal State for Production: A forest root should be created with minimal user and administrator accounts. This allows additional administrative segregation of all domains under the root forest. The few forest root administrators would have access to all domains.
SUPPORTING INFRASTRUCTURE
FAILOVER/AVAILABILITY
ACTIVE DIRECTORY AUDIT WORK PROGRAM: INFRASTRUCTURE
GENERAL
PLATFORM CONFIGURATION
Key Control Question(s): Request a list of all services running on each of the Active Directory servers. Verify that the services running have been approved for use.
• Do any of the services fall outside of policy? What actions were taken for these services to be approved for use?
• Verify that all the approved services have been configured to the appropriate system ports.
Preferred Controls/Goal State for Production: All services running on the servers have been approved for use, and the majority of them follow policy. The services falling outside of policy have documented business needs on file. Additionally, the risks surrounding these services have been fully investigated and the business owners have assumed responsibility for them. All services have been configured to the appropriate system ports.
Key Control Question(s): Has a group policy, including security parameters, been […]
Preferred Controls/Goal State for Production: The domain group policy object (GPO), “default domain policy,” should contain […]
Key Control Question(s): Are all systems built off a secure file system that allows access controls?
Preferred Controls/Goal State for Production: All systems should contain file systems that are configured to use (Name). Other file systems do not allow server file permissions to be implemented.
PLATFORM SECURITY
Key Control Question(s): For maximum security, are server administration tasks carried out from the server console?
Preferred Controls/Goal State for Production: On the most critical servers of the Active Directory implementation, administration tasks should only be allowed from the server console. Remote administration should not be permitted.
ACTIVE DIRECTORY AUDIT WORK PROGRAM: USER MANAGEMENT/ADMINISTRATION AND ACCESS REQUEST PROCEDURES
ACTIVE DIRECTORY WORK PROGRAM: USER MANAGEMENT/ADMINISTRATION – GENERAL
Key Control Question(s): Request and review policies regarding user management and administration.
Preferred Controls/Goal State for Production: Policies are detailed in nature and cover all relevant areas of concern, including security and access controls.
Key Control Question(s): Have the policies been accepted by the affected individuals and/or groups?
• Are these individuals and/or groups adhering to the policies?
Preferred Controls/Goal State for Production: All affected individuals and groups have adopted the stated policies and conduct their business according to them. Periodic checks with the affected members help ensure the relevancy and acceptance of the policies.
Key Control Question(s):
[…] length?
• How often do passwords expire?
• Can passwords match usernames?
• Can users repeat passwords and how many generations of password history are maintained?
• How many invalid login attempts does it take an account to become disabled?
• Do passwords require alphanumeric characters?
• Are there current policies and procedures to monitor event logs for failed logins or other security breaches?
• Is there a procedure to alert management if a user gets locked out of the system a certain number of times (e.g., after several failed logins, a user is locked out and must call the help desk to become re-enabled)?
• Are passwords case sensitive?
• Are new users prompted to change temporary passwords upon logging in for the first time?
• Do the password controls apply to all accounts, including all administrator accounts?
Preferred Controls/Goal State for Production:
[…] characters
• Passwords must use characters from at least X of the following categories:
− Uppercase letters
− Lowercase letters
− Numbers
− Nonalphanumeric symbols
• All passwords used on the same system in the past year must be significantly different.
• Force user password changes every X days.
• Force administrator password changes every X days.
• Passwords cannot be changed more frequently than every X days unless a password compromise is suspected.
• Disable accounts after X invalid login attempts for X minutes.
[…] naming conventions
• Administrator ID naming conventions
ACTIVE DIRECTORY AUDIT WORK PROGRAM: USER MANAGEMENT/ADMINISTRATION AND POWERFUL USER RIGHTS
ACTIVE DIRECTORY AUDIT WORK PROGRAM: USER MANAGEMENT/ADMINISTRATION AND USER ID CREATION
Key Control Question(s): Are all users granted unique user accounts?
Preferred Controls/Goal State for Production: All users should have a unique user account that is used to perform all tasks. The use of group or shared accounts should be banned to help ensure accountability for all actions.
ACTIVE DIRECTORY AUDIT WORK PROGRAM: USER MANAGEMENT/ADMINISTRATION – USER ID MAINTENANCE
ACTIVE DIRECTORY AUDIT WORK PROGRAM: USER MANAGEMENT/ADMINISTRATION AND USER ID TERMINATION