Each vulnerability finding in the Active Directory Vulnerability Assessment follows a consistent structure. This section explains how to interpret the information presented for every indicator.
Severity
All indicators are classified as Medium, High, or Critical.
Severity reflects the potential security impact if the condition is exploited.
- Critical: High likelihood of compromise or domain-wide impact. Immediate remediation is recommended.
- High: Significant security risk that could enable privilege escalation, lateral movement, or credential exposure.
- Medium: Security weakness that increases risk but may require additional conditions for exploitation.
The assessment does not include low or informational-only indicators. All findings represent meaningful security risk.
Category
Each indicator is grouped into a security category to help contextualize the issue. Examples include:
- Protocol Hardening and Authentication Integrity
- Delegation and Impersonation Risk
- Privilege Exposure
- Legacy Protocol Risk
The category provides high-level context about the type of security weakness detected.
Indicator detailed findings
By clicking on a specific indicator on the Assessment result tile, you can view the detailed findings about an indicator.
Details
The Details section explains:
- What the technology or feature does
- Why the configuration is risky
- How attackers may exploit the condition
- Why Microsoft or industry guidance recommends securing it
This information helps administrators understand the security implications before they make changes.
Impact
The Impact panel summarizes the finding in three structured fields:
Finding: Describes what was detected in the environment. For example, one or more domain controllers allow unsigned LDAP communication.
Expected Secure State: Defines the recommended secure configuration. For example, domain controllers require LDAP signing using Group Policy.
Current Insecure State: Describes the detected deviation from the secure configuration. For example, domain controllers accept unsigned LDAP binds and queries.
Reading these three fields together shows both the detected issue and the configuration the environment should be brought to.
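The LDAP signing finding used as the example above can be checked directly on the domain controllers. The following PowerShell script is an added example, not tooling from the assessment product; it assumes the ActiveDirectory RSAT module is installed and WinRM access to each domain controller. It reads the registry value that backs the Group Policy setting "Domain controller: LDAP server signing requirements" (LDAPServerIntegrity, where 2 means "Require signing") and reports each DC against the expected secure state in the same Finding / Expected / Current shape the Impact panel uses.

```powershell
# Added example (not part of the assessment product): report the LDAP server
# signing requirement on every domain controller in the current domain.
# Assumes the ActiveDirectory RSAT module and WinRM access to each DC.
Import-Module ActiveDirectory

# Registry value behind the GPO setting
# "Domain controller: LDAP server signing requirements":
#   1 = None (unsigned binds accepted, the default)   2 = Require signing
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName = 'LDAPServerIntegrity'
$Expected  = 'Requires LDAP signing (LDAPServerIntegrity = 2)'

$domainControllers = Get-ADDomainController -Filter * |
    Select-Object -ExpandProperty HostName

$results = foreach ($dc in $domainControllers) {
    try {
        $value = Invoke-Command -ComputerName $dc -ScriptBlock {
            param($path, $name)
            (Get-ItemProperty -Path $path -Name $name -ErrorAction Stop).$name
        } -ArgumentList $KeyPath, $ValueName -ErrorAction Stop
    } catch {
        # Either the DC was unreachable or the value is not set; an unset
        # value means the default (None), so it is still reported as insecure.
        $value = $null
    }

    $current = switch ($value) {
        2       { 'Requires LDAP signing' }
        $null   { 'Not set (default: None) or DC unreachable - review manually' }
        default { 'Accepts unsigned LDAP binds and queries' }
    }

    [pscustomobject]@{
        DomainController    = $dc
        LDAPServerIntegrity = $value
        CurrentState        = $current
        ExpectedState       = $Expected
        Compliant           = ($value -eq 2)
    }
}

$results | Format-Table -AutoSize

# "Affected objects" for this indicator: DCs that deviate from the expected state
$affected = @($results | Where-Object { -not $_.Compliant })
if ($affected.Count -gt 0) {
    Write-Warning ("Finding: {0} domain controller(s) allow unsigned LDAP communication: {1}" -f
        $affected.Count, ($affected.DomainController -join ', '))
} else {
    Write-Host 'All domain controllers require LDAP signing.'
}
```

Run the same script after applying the Group Policy change to confirm the finding is resolved on every DC, which is the "validate after remediation" step this guide recommends. For the compatibility check before enforcing the setting, the domain controllers' Directory Service event log is useful: event 2887 summarizes how many unsigned or simple binds were received, and raising the "16 LDAP Interface Events" diagnostic level to 2 makes each such client appear as event 2889, so you can identify systems that would break before requiring signing.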
Next Steps
Each indicator includes a Next Steps section containing:
- Recommended Remediation: Clear, actionable guidance to correct the configuration issue. Remediation steps may reference:
  - Group Policy settings
  - Active Directory Users and Computers
  - PowerShell commands
  - Configuration changes

  Changes should be validated in a non-production environment before broad enforcement.
- References: Authoritative documentation, typically from Microsoft, that provides additional implementation and security guidance.
Affected objects
The Affected Objects tab lists the specific domains, domain controllers, or accounts impacted by the finding.
Depending on the indicator scope, this may include:
- Domain controllers
- User accounts
- Computer accounts
- Service accounts
- Domains
Use this list to prioritize remediation and validate configuration changes after remediation.
Using Findings Effectively
When reviewing assessment results:
- Start with Critical and High findings.
- Review affected objects to determine scope.
- Validate compatibility before enforcing protocol or authentication changes.
- Re-run the assessment after remediation to confirm resolution.
Security hardening changes—particularly those involving authentication protocols or delegation—should follow your organization's change management process to prevent unintended service disruption.