Pro IT NW


Active Directory audit consultant.
Two weeks. Plain-English findings.

Most AD environments haven't been formally assessed since they were built. We audit forest health, replication, FSMO, schema, OUs, GPOs, and privileged-account hygiene — and tell you, in plain language, what to fix and in what order.

Service detail

What an Active Directory health audit covers

A two-week engagement that produces a green / yellow / red forest health report, a prioritized remediation backlog, and a current-state architecture diagram. No black-box scoring — plain-English findings you can take to your operations team.

What we audit

  • Forest and domain functional levels
  • Domain controller inventory, replication health, FSMO role placement
  • Schema extensions and history
  • OU structure, GPO bloat, and orphaned objects
  • Privileged group membership (Domain Admins, Enterprise Admins, Schema Admins)
  • Service account inventory and password hygiene
  • DNS zone integration, AD Sites and Services topology
  • Audit log configuration and retention

Common findings

  • Ghost domain controllers: NTDS Settings and server objects left in the Configuration partition by DCs that were powered off but never demoted or cleaned up
  • GPO sprawl: hundreds of policies, only dozens still linked, none documented
  • Privileged accounts with passwords older than 5 years (or set to never expire)
  • Service accounts holding Domain Admin where delegated rights on the systems they actually serve would suffice
  • Functional level stuck below what every domain controller's OS already supports
  • Replication failures masked by intermittent success, so the last-success timestamp stays fresh while the failure count keeps climbing

What you get

  • Forest health report — green / yellow / red per area
  • Prioritized remediation backlog
  • Architecture diagram of the current state
  • Recommended remediation phases (typically 30 / 60 / 90 day)
  • Optional remediation engagement scoped from the audit findings

Related reading

Field notes from the AD work.

  • The mid-market right-sized Tier-0 implementation: AD Tier-0 in 90 Days: Mid-Market Edition — the 12-week plan, the four primary controls, and the simplifications that make the model fit a 100–500-user shop.

FAQ

Common questions about AD audits.

What does an Active Directory audit consultant do?

An Active Directory audit consultant performs a read-only assessment of forest and domain functional levels, domain controller inventory and replication health, FSMO role placement, schema extensions, OU and GPO hygiene, privileged-group membership (Domain Admins, Enterprise Admins, Schema Admins), service-account inventory and password hygiene, DNS integration, AD Sites and Services topology, audit log configuration, and Tier-0 protection posture. Where customer policy allows, we layer in PingCastle, Purple Knight, and BloodHound. The deliverable is a forest health report (green / yellow / red per area), a prioritized remediation backlog, a current-state architecture diagram, and a phased 30/60/90-day remediation plan.

What does an Active Directory audit include?

Forest and domain functional levels, domain controller inventory and replication health, FSMO role placement, schema extensions, OU and GPO hygiene, privileged-group membership (Domain Admins, Enterprise Admins, Schema Admins), service-account inventory and password hygiene, DNS integration, AD Sites and Services topology, audit log configuration, and Tier-0 protection posture. We layer in PingCastle, Purple Knight, and BloodHound output where customer policy allows.

How does an AD audit differ from a 'security assessment'?

AD audits focus on identity-substrate health: forest stability, replication, role placement, privileged-account hygiene, and the things that quietly degrade until something breaks. A general security assessment covers a wider perimeter — endpoints, network, M365 — but typically goes shallower on AD itself. Our audit is AD-specific and goes deep.

Will the audit cause any production impact?

Read-only by design: inventory and configuration queries against domain controllers, repadmin checks, and ADSI/LDAP lookups. No writes, no schema changes, no forced replication. The thing to plan for is noise rather than impact: BloodHound collection is read-only but LDAP-heavy and will be visible to your monitoring, so we coordinate the running window with your operations team and pause if anything looks unusual.
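For readers who want to see what "read-only checks" look like in practice, the script below is an added example, not the firm's tooling or part of the original page. It covers the common findings listed earlier (stale DC objects, replication failures hidden behind intermittent success, unlinked GPOs, old passwords and service accounts in privileged groups, functional level versus DC operating systems) using only reads. It assumes the RSAT ActiveDirectory and GroupPolicy modules, repadmin.exe on the path, and a domain account with ordinary read access; the five-year password cutoff is the threshold from the findings list, not a standard.

```powershell
# Added example (not the consultancy's own tooling): read-only AD health checks.
# Assumes RSAT ActiveDirectory + GroupPolicy modules, repadmin.exe, and a domain
# account with read access. Every call below is a read; nothing writes to AD.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$forest = Get-ADForest
$domain = Get-ADDomain

# 1. Functional levels beside the DC OS inventory: a level below what every DC
#    already runs is the "stuck functional level" finding.
"Forest mode: $($forest.ForestMode)   Domain mode: $($domain.DomainMode)"
$dcs = foreach ($d in $forest.Domains) { Get-ADDomainController -Filter * -Server $d }
$dcs | Select-Object HostName, Domain, OperatingSystem, Site, IsGlobalCatalog, IsReadOnly |
    Format-Table -AutoSize

# 2. Ghost DCs: NTDS Settings objects in the Configuration partition whose server
#    object no longer corresponds to a live domain controller.
$configNC = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(objectClass=nTDSDSA)' |
    ForEach-Object {
        # NTDS Settings sits under CN=<server>; drop the first RDN to reach the server object
        $serverDn   = ($_.DistinguishedName -split ',', 2)[1]
        $serverName = (Get-ADObject -Identity $serverDn).Name
        if ($dcs.Name -notcontains $serverName) { "Stale NTDS Settings object: $serverDn" }
    }

# 3. Replication: the summary, then every partner link with recorded failures even
#    if its most recent attempt succeeded (that is how intermittent success hides).
repadmin /replsummary
repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    Select-Object 'Destination DSA', 'Source DSA', 'Naming Context', 'Number of Failures',
                  'Last Failure Time', 'Last Success Time', 'Last Failure Status' |
    Format-Table -AutoSize

# 4. GPO sprawl: total count, plus policies not linked to any site, domain or OU
#    (the XML report only contains <LinksTo> elements for linked GPOs).
$allGpos = Get-GPO -All -Domain $domain.DNSRoot
"GPOs in $($domain.DNSRoot): $($allGpos.Count)"
$allGpos | Where-Object { ($_ | Get-GPOReport -ReportType Xml) -notmatch '<LinksTo>' } |
    Select-Object DisplayName, ModificationTime |
    Sort-Object ModificationTime |
    Format-Table -AutoSize

# 5. Privileged groups: members with very old (or never set) passwords, and
#    SPN-bearing service accounts holding Tier-0 rights. Enterprise Admins and
#    Schema Admins exist only in the forest root domain, hence the per-group server.
#    Caveat: members from other domains of the forest would need a GC (-Server domain:3268).
$privGroups = @(
    @{ Name = 'Domain Admins';     Server = $domain.DNSRoot }
    @{ Name = 'Administrators';    Server = $domain.DNSRoot }
    @{ Name = 'Enterprise Admins'; Server = $forest.RootDomain }
    @{ Name = 'Schema Admins';     Server = $forest.RootDomain }
)
$cutoff = (Get-Date).AddYears(-5)   # threshold taken from the findings list, not a standard
$privReport = foreach ($g in $privGroups) {
    Get-ADGroupMember -Identity $g.Name -Server $g.Server -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Server $g.Server -Properties PasswordLastSet, PasswordNeverExpires, ServicePrincipalName |
        Select-Object @{ n = 'Group'; e = { $g.Name } }, SamAccountName, Enabled,
                      PasswordLastSet, PasswordNeverExpires,
                      @{ n = 'HasSPN';        e = { $_.ServicePrincipalName.Count -gt 0 } },
                      @{ n = 'PwdOlderThan5y'; e = { -not $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff } }
}
$privReport | Sort-Object Group, SamAccountName | Format-Table -AutoSize
```

Run it from a management workstation rather than a domain controller, and expect section 5 to emit errors for foreign security principals in Administrators (Get-ADGroupMember cannot resolve them); those lines are themselves worth noting in the report. Audit-policy and log-retention settings are deliberately left out here because they have to be read on each DC (auditpol, Event Log settings) rather than from the directory.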

What do we get at the end?

Forest health report (green / yellow / red per area), prioritized remediation backlog, current-state architecture diagram, and a recommended phased remediation plan (typically 30 / 60 / 90 day waves). If remediation work follows, it's scoped from the audit findings — not a separate discovery.

When was the last time AD was formally audited?

If the answer is 'never' or 'when we built it,' it's time. Two-business-day response with scope and timeline.