Automating AD Audits: Regular Review to Avoid Serious Scouring

Tags:

An overview of Engineering IT’s automated Active Directory audit framework. We use narrowly focused scripts that automatically run on a regular schedule and create tickets pre-assigned to the correct staff of any clean-up needed. This keeps the workload in small timely chunks, the AD more accurate and secure, review actually happens regularly, and it requires less oversight than the former large manual process. I will discuss why we did this, the benefits, how it is set up, relevant policies and decisions, required pre-conditions, what the structure looks like, what checks we have deployed now, and our plans for adding new ones.