Active Directory / LDAP Assessment

What We Assess

8 Areas We Examine

Password Policy

Minimum length, complexity, lockout policy, and password age requirements.

Privileged Account Sprawl

How many Domain Admins exist? Are service accounts over-privileged?

Kerberoasting Exposure

Are service accounts using weak passwords with SPNs set? Exploitable via Kerberoasting?

Stale and Dormant Accounts

Accounts not logged into in 90+ days? Departed employee accounts still active?

Group Policy Objects

GPOs applying security settings consistently? No conflicting or overriding policies?

LDAP Signing and Binding

LDAP signing enforced? Null base LDAP queries blocked?

Admin Workstation Policy

Are Domain Admins logging into regular workstations? Jump hosts in use?

Replication Health

Is AD replication healthy across all DCs?

Who This Assessment Is For

Any organisation running Windows Server with Active Directory — common in banks, NBFCs, manufacturers, hospitals, and government entities.

Common Findings We Uncover

40+ Domain Admin accounts in a 200-user org

Service accounts with Domain Admin rights

Passwords never expire for service accounts

Ex-employees with active AD accounts

LDAP null binding enabled

Compliance Frameworks Mapped

CIS Microsoft Windows Server BenchmarkCERT-InSEBI CSCRFRBI IT FrameworkNCSC Active Directory Security

We use Azure AD / Entra ID — is this applicable?

Yes, with some differences. We cover hybrid AD environments and Entra ID-specific risks.

Do you need Domain Admin access?

No — the assessment is questionnaire-based. SpectraAgent can do a read-only AD audit without making changes.

Start the Active Directory / LDAP Assessment now. Free for first 2 assessments. Results in under 10 minutes.

No agents. No server access required. No credit card.