Abstract
One of the best-known directory services on the market is Active Directory (AD) by Microsoft. It consists of a set of services running on Windows Server that manage access to networked resources. In this paper, an offline assessment is conducted to identify the security threats to an AD deployment in an operational environment. The assessment was combined with an open discussion, during which AD issues were first identified. This paper is written from a security auditor's perspective, with a detailed experience report of the assessment findings and the resulting risk mitigation plan. The identified risk issues covered a variety of areas, such as operational excellence, privileged computer/user accounts, trusts and forest configuration, operating system security updates, and Security Compliance Manager (SCM) analysis. Lessons learned are also discussed as guidance for security researchers and practitioners dealing with analogous issues in similar contexts. These lessons include a remediation plan and formal security policies and procedures.