StealthAUDIT® Active Directory Permissions Analyzer

Comprehensive Active Directory object-level permissions auditing for security and compliance.

Request a Free Trial

Powered by ChronoForms -

Active Directory Permissions Auditing with StealthAUDIT

As the authentication and authorization hub of your network, the importance of understanding Active Directory (AD) permissions is not to be understated. Unfortunately, native tools and views into AD object permissions lack the ability to scale effectively even in smaller organizations, requiring advanced knowledge of scripting languages like PowerShell to make any real headway in understanding AD permissions vulnerabilities.

StealthAUDIT Active Directory Permissions Analyzer enables organizations to easily and automatically determine effective permissions applied to any and all Active Directory objects, at any scope, allowing for the most authoritative view available of who has access to what in AD.

Shadow Access Rights​

Shadow Access analysis allows users to proactively and explicitly identify attack paths bad actors can take using obscured object-level permissions to move laterally, escalate privileges, compromise entire domains, and gain access to sensitive data.​

User Object Permissions​

Pinpoint instances where permissions are applied to Active Directory user objects. This information helps organizations understand the level of permissions granted like read, write, and delete.

Group Membership Change Permissions

Understand which trustees can change the membership of Active Directory group objects, either by the “Write Member Attribute” or via the "Add/Remove self as member" permission.

Group Object Permissions​​

Shed light on instances where permissions are applied to Active Directory group objects. This information is critical to understanding who can perform particular operations against AD groups.

OU Permissions

Quickly analyze and report on where permissions are applied to Active Directory organizational units. This information is summarized at the domain and enterprise levels.​​

Computer Permissions​

Uncover instances where permissions are applied to Active Directory computer objects. Information regarding computer permissions can identify rogue computer devices on your network.​

Open Access Permissions​​

Rapidly assess instances of open access on AD objects, and summarize open access by domain. Common instances of open access include the use of well-known security principals like Domain Users, Authenticated Users, and Everyone.

Broken Inheritance in AD Permissions​

Gain immediate insight into instances of broken inheritance on Active Directory objects. This information can be segmented by domain and show where the inheritance has been broken, regardless of its location in the permissions tree.

AdminSDHolder Permissions​

Quickly determine what permissions exist on the AdminSDHolder container within Active Directory. If compromised, the AdminSDHolder container can be used by an attacker to achieve persistence in an environment. This information is summarized at the domain and enterprise levels.

Domain Replication Permissions

Identify and track which accounts are capable of replicating Active Directory information. The ability to replicate the domain, for example, can be used as an attack path via techniques like DCShadow and DCSync to more easily compromise an Active Directory environment.

DCShadow Permissions Report

Identify users that have the capability of executing a DCShadow attack - where attackers create a fake domain controller in order to get access to AD resources.​​​​

"Great platform to improve security & data governance"

- Director of Infrastructure & Security in the Finance Industry

5 out of 5

Read The Full Review

StealthAUDIT Active Directory Permissions Analyzer

Comprehensive Active Directory Permissions Reporting

Browse our Active Directory Permissions reports and see how deep visibility into object-level permissions can illuminate vulnerabilities attackers exploit to compromise credentials.

See the market’s most comprehensive Active Directory Permissions auditing and reporting solution in action.

It only takes 30 minutes!

Request Demo


StealthAUDIT Active Directory Permissions Analyzer

Data Sheet

Learn More

StealthAUDIT® Management Platform


Learn More

Identify Shadow Access – Visualize the Attack Path


Learn More

Free Risk Assessment
Free Trial Request
STEALTHbits Demo Request
Browse Resource Library