# ad-audit-techniques **I. Creating an AD Snapshot with Active Directory Explorer** * **AD Explorer (Sysinternals):** * Advanced AD viewer and editor. * Allows easy navigation, object property viewing, permission editing, schema viewing, and sophisticated searches. * Can save snapshots of AD databases for offline viewing and comparison. * Useful for before-and-after comparisons to detect changes. * **Usage:** * Login with any valid domain user. * Browse AD objects. * Create snapshots (File -> Create Snapshot). * Analyze snapshots offline. **II. PingCastle** * **Purpose:** * Evaluates AD security posture. * Provides results in maps and graphs. * Generates detailed security reports based on CMMI. * Helps gather host inventories. * **Key Features:** * Health checks, consolidated reports, domain maps, workstation scans, and data exports. * Reports on misconfigurations, vulnerabilities, shares, trusts, permissions, and user/computer states. * Reports on recent vulnerability susceptibility. * **Usage:** * Run `PingCastle.exe` in CMD or PowerShell. * Use interactive mode or command-line switches (e.g., `--help`). * Generate health check reports. * Utilize scanner options for specific checks. * Analyze generated reports and maps. * **Important Note:** * If you have issues running the tool, change the system date to before July 31st, 2023. **III. Group3r** * **Purpose:** * Finds vulnerabilities in AD Group Policy. * Requires a domain-joined host or domain user context. * **Usage:** * Run `group3r.exe -f ` or `group3r.exe -s` * Use `-h` for help. * Analyze output (indentation indicates levels). * Output will show the GPO, policy settings, and findings. * **Key Feature:** * Can find issues that other tools might overlook. **IV. ADRecon** * **Purpose:** * Gathers a large amount of AD data at once. * Useful when stealth is not a primary concern. * **Usage:** * Run `ADRecon.ps1`. * Analyze generated HTML and CSV reports. * Excel needs to be installed for automatic HTML report generation. * The GroupPolicy powershell module needs to be installed for Group Policy reporting. * Use `-GenExcel` to generate Excel reports from CSV files. * **Output:** * Reports on domains, forests, trusts, sites, subnets, password policies, domain controllers, users, groups, OUs, GPOs, DNS, printers, computers, LAPS, and BitLocker. **V. Reporting** * **Importance:** * Provides comprehensive information to clients. * Aids in problem-solving and security improvements. * Helps clients get funding to fix security issues. * **Key Takeaways:** * These tools enhance AD auditing and security assessments. * They provide detailed data and visualizations for analysis. * Proper reporting is essential for effective security improvements. * Using multiple tools will provide for a much more complete view of a domains security posture.