1 / 7

Active Directory Assessment Results

Active Directory Assessment Results. Click here to view in Azure Log Analytics. Executive Summary. 1. What went well:. 92 % Passed. Upgrade, Migration and Deployment. 2. What needs Improvement:. Availability and Business Continuity. 3. Highest Priority Recommendations:.

goodrow
Télécharger la présentation

Active Directory Assessment Results

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Active Directory Assessment Results Click here to view in Azure Log Analytics

  2. Executive Summary 1. What went well: 92% Passed • Upgrade, Migration and Deployment 2. What needs Improvement: • Availability and Business Continuity 3. Highest Priority Recommendations: • Configure additional domain controllers on the domain

  3. Availability and Business Continuity • Highest Priority Recommendations • Configure additional domain controllers on the domain Backup Active Directory immediately and implement a regular backup schedule Enable prevention of accidental deletions of DNS zones stored in Active Directory Domain Services (ADDS) Create additional global catalog servers Configure the Root PDC with an Authoritative Time Source and Avoid Widespread Time Skew Configure static IP addresses on domain controllers Add subnet definitions to Active Directory sites Configure the Domain Name System (DNS) servers to point to more than one DNS forwarder Consider creating multiple Active Directory sites if your physical environment has multiple locations Perform a backup of the affected Active Directory partition at least once in the period defined by the Backup latency interval value 93% Passed

  4. Security and Compliance • Highest Priority Recommendations • Clear the property of user accounts allowing them to have blank passwords Mitigate security risks by configuring “Deny log on as a service” Permission Mitigate security risks by configuring “Deny access to this computer from the network” permission Mitigate Security Risks By Configuring “Deny Log On Locally” Permission Mitigate security risks by configuring “Deny log on as a batch job” Permission Mitigate Security Risks By Configuring ”Deny Log On Through Remote Desktop Services” Permission Enforce password expiry policies for members of well-known administrative groups Validate all accounts having passwords that do not expire Remove all members from the Schema Admins group unless you are actively changing the schema Set the account lockout threshold to the recommended value 87% Passed

  5. Upgrade, Migration and Deployment • Highest Priority Recommendations • Consider raising Domain Functional Level 97% Passed

  6. Performance and Scalability • Highest Priority Recommendations • Ensure Active Directory sites have associated subnets 98% Passed

  7. Operations and Monitoring • Highest Priority Recommendations • Regularly check for and remove inactive user accounts in Active Directory Associate subnet definitions with the relevant sites Check that having all Domain Controllers virtualized is a sensible design decision for your environment Prepare to provision users through directory synchronization to Office 365 Disable the user section if the GPO does not contain user settings 91% Passed

More Related