Continuous Auditing of Active Directory with Scheduled Tasks

by Derek Melber
Sept. 1, 2017 0 comments TechGenix Pen Testing & Audits powershell windows client security

In my last two installments of “continuous auditing of Windows Active Directory”, we have covered some powerful ways for you, the auditor or security professional, to audit Windows Active Directory. The first article, Using PowerShell to Continuously Audit Security of Active Directory, focused on how to leverage the Windows 7 built-in technology of PowerShell. By using PowerShell, you can query information from Active Directory due to the read access that is granted to all users that are part of the domain. In my second installment, Using ADUC Saved Queries to Continuously Audit Windows Active Directory, we covered how to leverage the Active Directory Users and Computers tool to create Saved Queries. By using saved queries, you can simply “refresh” the view within the tool to see updated objects that meet the criteria that you are looking to audit.