Get Members of Active Directory Group and Export to CSV using PowerShell. The Windows PowerShell AD module is one of the most used modules for managing Active Directory (AD) domains and objects and retrieving data about users and computers. The AD module gathers several cmdlets used to control various objects, obtain AD group members, and […]
Get-ADUser Filter OU – List Users from a Specific OU. Do you need a quick and efficient way to list all the users that belong to a specific Organizational Unit (OU) in Active Directory (AD)? Look no further than the Get-ADUser cmdlet. This versatile PowerShell cmdlet has a Filter parameter that determines which users in an […]
Active Directory (AD) is the backbone of identity and access in most organizations. It is also one of the biggest targets for attackers. Weak or poorly monitored AD environments often lead to breaches, privilege escalation, and compliance failures. That’s why regular AD auditing is critical for maintaining security, detecting suspicious behavior, and aligning with cyber […]
Active Directory monitoring on Windows Domain Controllers involves tracking a wide range of events from the Security log (audit events such as logons and account management) and the Directory Service log (AD DS operational events like replication issues). Below, we provide tables of relevant Windows Event IDs, their provider/source, which Event Log they appear in, […]
Kerberoasting is a post-exploitation attack technique targeting the Kerberos authentication protocol in Active Directory. In a Kerberoasting attack, an adversary uses a valid (even low-privilege) domain user account to request service tickets for service accounts – accounts that have a Service Principal Name (SPN) registered. These service tickets (TGS tickets) are encrypted with the service […]
In April 2025, British retail giant Marks & Spencer (M&S) was hit by a devastating ransomware attack that disrupted operations, paused online orders, and caused widespread financial damage. Nearly £700 million was wiped from its market valuation, and customers experienced delays, store issues, and service outages. The group behind this attack? A sophisticated hacking gang […]
Create Active Directory Logon Reports with PowerShell. As we know, auditing in an Active Directory (AD) environment is crucial for security. It is vital to find out what the user has done and which system they logged in to. Therefore, one of the essential tasks most administrators are dealing with nowadays is finding where a […]
How to Perform an Active Directory Security Assessment. Active Directory is the backbone of identity and access management in most enterprise environments, making its security paramount. This guide empowers us to conduct a comprehensive security assessment of our AD environment, identifying vulnerabilities and ensuring robust protection. These meticulously crafted steps safeguard our infrastructure and fortify […]
Free Active Directory Compliance tool for CIS benchmarks, SOX, NIST, GDPR and HIPAA. I’ve created a PowerShell script that outputs an HTML report on the status of your Active Directory with regard to your compliance. Run on as many domains as you need. You can run it remotely, just specify the domain controller and the […]
Emerging Cybersecurity Threats in Active Directory: Security & Mitigation. Compromising Active Directory gives attackers broad access to an organization’s systems and sensitive data. Additionally, its deep integration into the IT environment means that weaknesses in Active Directory configurations expose the entire network to risks of lateral movement and privilege escalation, allowing attackers to gain administrative privileges […]