If you have a traditional domain, it’s time to audit your Active Directory. In fact, it’s probably way past time. You probably have accounts that have been unchanged for years and might not have reviewed settings or registry entries. Attackers know that these domains have legacy settings that allow them to take greater control and use techniques to gain domain rights. Active Directory security came into the news with the release of several updates in May, you need to take many more steps than mere patching to protect your network.
Microsoft’s server tools include Best Practices Analyzer (BPA), but it doesn’t identify some of the means that attackers use to go after Active Directory domains. Several other resources analyze the health and security of Active Directory domains including Purple Knight from Semperis, PingCastle, or Quest’s Active Directory health check tool.