Getting started with Active Directory vulnerability assessment

This section describes how to deploy the Active Directory vulnerability assessment and run your first assessment.

Step 1 - Create a forest client

The forest client represents your Active Directory forest within the console.

  1. From the Command Center navigation pane, go to Protect > Active Directory.

  2. On the Forests tab, click Add Active Directory forest app.

Follow the wizard to install an agent on the first domain controller and select a storage plan.

The discovery credentials must have sufficient permissions to read Active Directory configuration and domain topology information.

After submission, the forest topology is discovered, the assessment is automatically run on the domain controller, and results are displayed in the console.

Step 2 - Deploy agents to additional domains or domain controllers

For multi-domain forests:

  • Install at least one agent per domain to enable domain-level assessment.

For full domain controller-level coverage:

  • Install the agent on each domain controller you want evaluated.

If an agent is not installed on a domain or domain controller, certain indicators may not be evaluated for that scope.

Deployment can be performed:

  • From the console (push install), or

  • Manually using the installation package

After installation, allow topology refresh to confirm the domain controller is discovered and available.
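A coverage check for the gap described in Step 2, as an added example that is not part of the product or its documentation: it compares the forest's domains and domain controllers with a list of hosts where the agent is installed. The function names, the sample domain and host names, and the `agent-hosts.txt` file are assumptions; the list of agent hosts is one you maintain yourself.

```powershell
# Added example (not product code). Reports, per domain, which domain controllers
# have no agent, so unevaluated scopes are visible before results are reviewed.

function Get-ForestTopology {
    # Live query: needs the ActiveDirectory (RSAT) module and read access to the forest.
    Import-Module ActiveDirectory
    $topology = @{}
    foreach ($domain in (Get-ADForest).Domains) {
        $topology[$domain] = @(Get-ADDomainController -Filter * -Server $domain |
            ForEach-Object { $_.HostName })
    }
    return $topology
}

function Get-AssessmentCoverageGap {
    param(
        [Parameter(Mandatory)] [hashtable] $Topology,  # domain name -> DC host names
        [string[]] $AgentHosts = @()                   # hosts with an agent installed
    )
    foreach ($domain in ($Topology.Keys | Sort-Object)) {
        $dcs = @($Topology[$domain])
        # -notcontains compares case-insensitively, which suits DNS host names.
        $missing = @($dcs | Where-Object { $AgentHosts -notcontains $_ })
        [pscustomobject]@{
            Domain             = $domain
            DomainControllers  = $dcs.Count
            WithAgent          = $dcs.Count - $missing.Count
            # At least one agent in the domain enables domain-level assessment.
            DomainLevelCovered = ($missing.Count -lt $dcs.Count)
            DCsWithoutAgent    = $missing -join ', '
        }
    }
}

# Constructed sample data so the check runs without a domain.
$sampleTopology = @{
    'corp.example.com'      = @('dc01.corp.example.com', 'dc02.corp.example.com')
    'emea.corp.example.com' = @('dc03.emea.corp.example.com')
}
$sampleAgents = @('DC01.corp.example.com')

Get-AssessmentCoverageGap -Topology $sampleTopology -AgentHosts $sampleAgents |
    Format-Table -AutoSize

# Against a live forest (agent-hosts.txt is a hypothetical one-host-per-line file):
# Get-AssessmentCoverageGap -Topology (Get-ForestTopology) -AgentHosts (Get-Content .\agent-hosts.txt)
```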

Step 3 - Run the assessment

Once the agent is deployed, the assessment runs automatically at the same time the topology is discovered. Assessments then run automatically once every day, at the same time the AD forest topology is refreshed.

An assessment can be run manually at any time by clicking the Refresh summary data button on the Summary tile next to Discovery status.

During the assessment:

  • Agents collect configuration and security data.

  • Indicators are evaluated.

  • Findings are generated and categorized by severity.

Assessment duration depends on the number of domains and domain controllers in the forest.

Step 4 - Review assessment results

After the scan completes:

  1. Open the forest client.

  2. Review the summary in the Assessment result dashboard.

  3. Click on a specific indicator to view detailed findings.

Each finding includes:

  • A description of the issue

  • Severity classification

  • Remediation guidance

  • Reference information

Use the results to prioritize remediation activities.
