SERVICES / ACTIVE DIRECTORY & IDENTITY AUDITS

Active Directory & Identity Audits

Understand Your Identity Security Risks

Active Directory is present in the vast majority of Windows environments and is the primary target in most network compromises. Once an attacker gains a foothold in AD, they can move laterally, escalate privileges, and reach sensitive systems with relative ease. Despite this, most organizations have never had their AD environment professionally reviewed outside of a penetration test.

Thorium’s Active Directory and Identity Audits are dedicated, standalone assessments that go deeper than any pen test finding. We examine your on-premises AD environment and cloud identity infrastructure — including Azure Active Directory and Entra ID — and deliver a detailed findings report with specific remediation guidance your IT team can act on immediately.

Privileged Acct. Inventory

Kerberos Attack Exposure

Group Policy Configuration

Domain Trust Relationships

Azure AD /
Entra ID

Privilege Escalation

Data Collection.

We gather Active Directory configuration data, group membership records, GPO settings, and trust relationship information using approved, read-only tooling. No changes are made to your environment during this phase. All collection activity is documented and can be provided to your team upon request.

Analysis.

We examine collected data to identify misconfigurations, excessive privilege, stale accounts, and potential escalation paths across your on-premises and cloud identity infrastructure. Findings are cross-referenced against known attack techniques from MITRE ATT&CK and current adversary tradecraft to ensure relevance and accuracy.

Validation.

Critical findings are manually validated to confirm exploitability and eliminate false positives before they appear in your report. This step is what separates a genuine security assessment from an automated scan — we verify that what we found represents real, actionable risk.

Reporting

Every finding is documented with technical detail, evidence, business impact, and specific remediation steps written for your IT team. An executive summary accompanies the full technical report so leadership can understand the overall identity security posture without needing to read every finding.

What You Receive

Every Active Directory and Identity audit engagement concludes with a complete findings package delivered within five business days of assessment completion.

The technical report documents every identified misconfiguration, exposure, and privilege escalation path with supporting evidence, risk ratings, and step-by-step remediation instructions written for your IT team. A privileged account inventory captures the state of all privileged accounts and group memberships at the time of assessment — a useful baseline for ongoing access governance.

An executive summary translates the technical findings into business risk language your leadership can act on and present to a board or examiner without interpretation.

Following delivery, Thorium conducts a findings review session with your team — walking through critical and high-severity items, answering technical questions, and helping prioritize remediation sequencing. This session is included with every engagement and ensures your team leaves with a clear path forward, not just a report to file.

When did someone last look inside your Active Directory?

Most organizations can’t answer that question. An AD audit is one of the highest-value assessments we conduct — and one of the most commonly deferred.

Request a Scoping Call →