Active Directory & Office 365 Reporting Tool

Free Active Directory Compliance tool for CIS benchmarks, SOX, NIST, GDPR and HIPAA.  I’ve created a Powershell script that outputs a HTML report on the status of your Active Directory in regards to your compliance.  Run on as many domains as you need.  You can run it remotely, just specify the domain controller and the script will run against your DC.  It checks the following:

Free Active Directory Compliance Dashboard

Get Powershell Script


Active Directory CIS Benchmarks

The Powershell script will check the following against CIS benchmarks for your Active Directory domain:

  • Ensure ‘Account lockout duration’ is set to ’15 or more minute(s)’
  • Ensure ‘Account lockout threshold’ is set to ’10 or fewer invalid logon attempt(s)’
  • Ensure ‘Password minimum length’ is set to ’14 or more character(s)’
  • Ensure ‘Password history size’ is set to ’24 or more password(s)’
  • Ensure ‘Maximum password age’ is set to ’60 or fewer days, but not 0′
  • Ensure ‘Minimum password age’ is set to ‘1 or more day(s)’
  • Ensure ‘Enable computer and user accounts to be trusted for delegation’ is set to ‘No One’
  • Ensure ‘User Rights Assignment: Access this computer from the network’ is set to ‘Administrators, Authenticated Users’

Active Directory NIST Compliance

The compliance Powershell script will also check your domain controllers against NIST compliance best practices:

  • Ensure ‘Audit Log Retention’ is set to ‘365 or more days’
  • Ensure ‘Windows Firewall: Domain Profile’ is set to ‘On’
  • Ensure ‘Audit: Audit the access of global system objects’ is set to ‘Disabled’
  • Ensure ‘Audit: Shut down system immediately if unable to log security audits’ is set to ‘Disabled’

Active Directory SOX Compliance

The compliance report will also check the SOX compliance for the following on your Active Directory domain controllers:

  • Ensure ‘Logon Events are Audited’

GDPR Compliance for Active Directory

For GDPR compliance the report will check the following is configured within your Active Directory:

  • Ensure ‘Access Control Policy’ is implemented
  • Ensure ‘Data Encryption’ is enforced

Active Directory HIPAA Compliance

And HIPAA compliance report is also generated to check the following in AD:

  • Ensure ‘Audit Controls’ are in place
  • Ensure ‘Access Controls’ are enforced

Domain Statistics

In the Active Directory report it will also show the following stats about your users and groups in your domain:

  • Domain name
  • Number of users
  • Number of groups
  • Number of disabled users
  • Number of domain admins

There is also a compliance risk assessment that will show your current compliance risk based on the results.

risk assessment

Improve your AD Compliance

Compliance Dashboard

Increase Security

Meet Regulartory Requirements

Free Active Directory Compliance Dashboard

Get Powershell Script


InfraSOS Reporting & Auditing Platform

Andrew Fitzgerald

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their IT Infrastructure, Cloud deployments and Security. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud and Active Directory.

Leave a comment

Your email address will not be published. Required fields are marked *