Auditors performing audits of Windows systems inevitably need to obtain information from Active Directory®, Microsoft’s platform for providing directory services to Windows and other devices. Whether it’s data on user accounts, computer accounts, group membership, or configurations in group policy objects, Active Directory is often a critical data source for Windows system audits.
While Active Directory graphic user interfaces can be used to obtain this information, they are often not efficient to use, and some information isn’t easy to find and download. This often results in administrators needing to provide data or screenshots.
PowerShell® provides a better method of obtaining information from Active Directory. As a Microsoft product, PowerShell has a variety of commands for working with Active Directory. These include commands to obtain data on Active Directory objects, such as users, computers, groups, and group policy objects. Using PowerShell’s scripting capabilities, auditors can develop scripts to efficiently collect data from Active Directory and perform audit tests on this data.
This two-day course will cover the PowerShell commands needed to obtain user, computer, group, and group policy object data from Active Directory. The course will also cover basic audit tests that can be performed using PowerShell on Active Directory objects. Auditors and security professionals who audit Active Directory will benefit from attending this course.
This course builds on the concepts presented in the Seminar – Introduction to Auditing with PowerShell®.