Assessment Packs

DynamicPacks IT Health Profiler uses PowerShell based Dynamic Packs (sometimes referred to as Assessment Packs) to perform health and security checks of the targets.

  • Design New Dynamic Packs
  • Import New Dynamic Packs
  • Maintain Dynamic Packs Bundle for reuse

Assessment Packs

About Assessment Packs

An Assessment Pack that is used with IT Health Profiler is designed using scripting languages such as PowerShell, Azure CLI, Bash Scripting, or using Windows commands or other scripting languages as appropriate.

Design New Packs

If you know PowerShell Scripting you can design new Assessment Packs using built-in Packs Manager that ships with the purchase of IT Profiler Enterprise Edition. It is easy as pie to design new Assessment Packs using Pack Manager.

Import From Server

Most of the Assessment Packs are designed by Microsoft MVPs who are well-versed in their technology area. Once the Assessment Packs are designed they are hosted on Dynamic Packs Server. You can import new packs from within the IT Profiler.

Request Us

You can always ask us to design an Assessment Pack for you. Since the IT Profiler is a Dynamic product, the newly designed Assessment Packs can be imported into IT Profiler on fly while you are running another assessment.

Browse Assessment Packs

Microsoft Active Directory Assessment is done in a total of nine categories. Below table defines the categories and checks which are performed in each category.

Active Directory DNS Health Checks
Assessment Pack Description
AD Domain Zone Scavenging Test Dynamic Pack checks to make sure DNS Scavenging is enabled on each Zone.
AD Domain Zone Secure Test Dynamic Pack checks Zone secure status.
AD Domain Zone Static Records Test Dynamic Pack checks to see if any DNS Static records are present in Domain Zones.
DNS Forwarders Test Dynamic Pack checks DNS Forwarders configured on each Domain Controller.
DNS Root Hints Test Dynamic Pack checks to make sure DNS Servers are configured with proper root hints
DNS Round Robin Test Dynamic Pack checks to make sure DNS Round Robin is enabled on DNS Servers in order to load balance authentication traffic coming from client computers.
DNS Server _msdcs Zone Test Dynamic Pack checks to ensure _msdcs Zone containing SRV records is hosted by the DNS Server.
DNS Server Conditional Forwarders Test Dynamic Pack checks to see if any Conditional Forwarders are set on the DNS Server and then can resolve to their Master Servers.
DNS Server Server Level Scavenging Test Dynamic Pack checks Scavenging status on DNS Server at Server-Level.
Domain Controller Host Record Test Dynamic Pack checks to make sure Host Record is registered for all domain controllers in the DNS Server.
Active Directory Domain Account Policies Health Checks
Assessment Pack Description
Domain Account Policies Test Gets Domain Account Policies such as Password and other account policies.
Domain FGPP Policies Test Gets FGPP Configured on each domain.
Get AD Domain FGPP and Users Test Dynamic Pack can get FGPP and Users applied.
Get AD Domain FGPP Application Test Dynamic Pack checks to see status of each FGPP
Active Directory Domain Controller Health Checks
Assessment Pack Description
Domain Controller DNS Loopback Test Dynamic Pack checks to see if Loopback address is configured on the TCP/IP property of each Domain Controller.
Domain Controller DNS Resolver Test Dynamic Pack checks to make sure Domain Controller is running DNS Client Resolver.
Domain Controller NIC Dynamic Updates Test Dynamic Pack checks to make sure Domain Controller can register required resource records dynamically.
Domain Controller Multihomed Test Dynamic Pack checks to make sure Domain Controller is not configured with multiple Network Cards to avoid multihomed DC issue.
Domain Controller Recent Updates Test Dynamic Pack checks if any domain controller was patched within 45 days and provide last date of patching.
Domain Controller Up Time Test Dynamic Pack executes to check Up Time for all domain controllers and report failure if any of the domain controllers have not been rebooted since last 30 days.
AD Site Undefined Subnets Test Dynamic Pack Checks for Subnets that have not been defined in the AD Site and Services. Test checks all domain controllers.
Domain Controller Local Disks Test Dynamic Pack checks how disks are configured are configured on the domain controllers. Dynamic Pack checks minimum disk requirements.
Domain Controller DNS Configuration Test Dynamic Pack checks how DNS Servers settings are configured in TCP/IP on each Domain Controller.
Domain Controller Free Space Test Dynamic Pack checks disk space on local drives and ensure domain controllers have enough space. Failure is reported for domain controllers that have less than 10 GB of free disk space available.
Domain Controller Updates Level Test Dynamic Packs check if domain controllers are running with same Patch Level or not.
Domain Controllers Required Ports Listening Test Dynamic Pack checks to ensure all AD Ports are listening on each domain controller. Dynamic Pack uses PortQry from Microsoft to test all ports. Please ensure PortQry.exe is available under C:UsersPublicDynamicPacksTechnologiesADHealthProfilerDPConfig folder.
Domain Controller OS Test Dynamic Pack checks OS Version; Service Pack level and hot fixes.
Domain Controller OU Location Test Dynamic Pack checks to make sure each Domain Controller is located in its default OU and Domain Controller GPO is applying successfully.
Domain Controller Event Log Test Dynamic Pack checks Number of Errors and Warnings logged in event logs of domain controllers. Dynamic Pack uses DCLogs.DPC file to know the Event Log to be checked. Specify one Event Log per line.
Domain Controllers DCDiag Test Dynamic Pack collects DCDiag results from each domain controller and analyze.
Domain Controller Custom Missing Updates Test Dynamic Pack checks missing updates on Domain Controllers. You need to provide a list of updates that will be checked on each domain controller in CustomUpdates.DPC file. Please provide update KB number per line such as KB7645656.
Domain Controller Event Log Recent Errors Test Dynamic Pack checks if any errors and warnings have occurred on the domain controllers recently. Dynamic Pack also displays last 10 error and warning messages.
Domain Controller Services Status Test Dynamic Pack executes to check all domain controller services and their status. Reports failure if any of the service is not running or malfunctioning. Dynamic Pack uses DCServices.DPC file for services to be queried. Please specify one service short name per line.
Domain Controllers Internet Access Test Dynamic Pack checks if Internet Access is enabled on Domain Controllers.
Domain Controllers Roles and Features Test Dynamic Pack checks if any Roles and Features are installed on Domain Controllers other than Domain Controllers Role.
Domain Controller Audit Policy Configuration Consistency Test Dynamic Pack checks Audit Policy Configuration Consistency on domain controllers.
Domain Controller DS Audit Policy Test Dynamic Pack checks if Directory Services Auditing is configured on the domain controllers.
Domain Controller SSL Test Dynamic Pack checks if SSL is configured in Active Directory Domain Controllers.
Domain Controller Event Log Config Test Dynamic Pack collects Event Log configuration on each domain controller.
Domain Controller Event Log Size Test Dynamic Pack gets Event Log Size configured on the domain controllers.
Get Read-Only Domain Controller Admin Passwords Stored Dynamic Pack checks to make sure Admin credentials are not cached on RODC.
Get Read-Only Domain Controller Allowed List Dynamic Pack checks if Allowed List is configured in the RODC.
Get Read-Only Domain Controller Denied List Gets RODS Denied List
Active Directory Forest Health Checks
Assessment Pack Description
AD Adjacent Site Test Dynamic Pack checks to what sites are Adjacent sites configured for each AD Site.
AD Forest Orphaned Domain Controllers Dynamic Pack checks how many servers in each AD Site do not have NTDS Object.
AD Duplicate Site Links Test Dynamic Pack Checks to see how many AD Sites are configured in more than one Site Link.
AD Site Bridgehead Servers Test Dynamic Pack Checks manually and automatically configured Bridgehead Servers for each site.
AD Site Link Topology Test Dynamic Pack Checks to see how many sites are present in an AD Site Link. Test report includes if there are three or more sites in a Site Link.
AD Site Replication Interval Test Dynamic Pack Checks Replication Interval defined for each site and report sites that have larger replication interval configured.
AD Site Redundancy Test Dynamic Pack Checks to make sure each Active Directory Site has at least two domain controllers.
AD Site Not In Site Link Test Dynamic Pack Checks to see how many AD Sites have not been defined in a Site Link.
AD Forest and Domain Functional Level Test Dynamic Pack checks current AD Forest and Domain functional levels.
AD Partitions Backup Test Dynamic Pack is used to check if any backups have been performed for AD Partitions.
AD Empty Site Test Dynamic Pack Checks how many AD Sites have been created without a domain controller.
AD Forest TombstoneLifetime Test Dynamic Pack checks to make sure  tombstoneLifetime  is set to 180 days.
AD Forest Replication Test Dynamic Pack Checks Active Directory Forest Replication status.
AD Site Without Subnets Test Dynamic Pack Check to make sure each Site has at least one Subnet associated with it.
AD Site Location Test Dynamic Pack Checks if each AD Site has location text defined.
AD Site Without Global Catalog Test Dynamic Pack checks to make sure each site has a Global Catalog Server available.
AD Site Without Domain Controllers Test Dynamic Pack Checks how many AD Sites do not have a domain controller.
AD Forest ISTG Test Dynamic Pack Checks to see if an ISTG role is defined in each Active Directory Site. Test reports failure if no ISTG is found in an Active Directory Site.
AD Manual Replication Connection Objects Test Dynamic Pack Checks Manual Replication Connection Objects created in Active Directory Forest.
AD FSMO Placement Test Dynamic Pack checks how Flexible Single Master Operation Roles are hosted in AD Forest for all domains.
Get AD Privileged Access Management Status Dynamic Pack checks PAM Status in AD Forest.
Get AD Recycle Bin Status Dynamic Pack checks AD Recycle Bin Status in AD Forest.
Active Directory Reporting Items
Assessment Pack Description
Get AD Subnets Count Per Site Dynamic Pack Gets the AD Subnet count associated with each AD Site.
Get AD Forest Info and FSMO Dynamic Pack Collects AD Forest Info and FSMO Roles in an Active Directory Forest.
Get AD Forest Site Info Dynamic Pack Collects Site Information from an Active Directory Forest.
Get AD Forest Site Link Info Dynamic Pack Collects Site Link information from an Active Directory Forest.
Get Domain Controller Info Dynamic Pack Collects Domain Controller information from an Active Directory Forest.
Get AD Domain Info and FSMO Get AD Forest and Domain Info for Reporting Purposes.
Domain Users Empty Fields Test Dynamic Pack gets empty user fields in Active Directory Domains.
Active Directory Group Policy Objects Health Checks
Assessment Pack Description
Domain GPO Naming Test Dynamic Pack checks to see how GPOs are named in the domain.
Domain GPO Description Test Dynamic Pack checks to see if any GPO is not configured with description text.
Get GPO Applied Info Dynamic Pack Collects Group Policy Objects from each domain and collects the objects to which GPO applies.
Domain GPO WMI Filters Test Dynamic Pack returns the list of GPOs that have been configured with WMI Filters.
Domain GPO Not Applied Test Dynamic Pack checks GPOs that are configured in the domain but are not applying to any objects.
Domain GPO Disabled Test Dynamic Pack returns the list of GPOs that are disabled.
Domain GPOs Block Inheritance Test Dynamic Pack can be used to collect GPOs that have Block Inheritance configured.
Active Directory Organizational Units and Other Health Checks
Assessment Pack Description
Domain OU Protection Test Dynamic Pack checks to ensure all Organizational Units in each domain have been configured to protect Ous from accidental deletion.
Domain OU with No GPO Linked Test Dynamic Pack collects Ous which have not been linked to any GPOs. Dynamic Pack is executed against each domain.
Domain OU Empty Test Dynamic Pack collects Ous which do not hold any Active Directory Objects. Dynamic Pack is executed against each domain.
Domain Administrative Security Groups Test Dynamic Pack checks how many members have been assigned to each administrative security group. Dynamic Pack uses DomainAdminGRP.DPC to count the member of Security Groups in each domain.
Domain Security Groups with No Members Test Dynamic Pack collects Security Groups without members in each domain.
Domain Managed Service Accounts Test Get AD Forest and Domain Info for Reporting Purposes.
Domain Managed Service Accounts Linked Test Get AD Forest and Domain Info for Reporting Purposes.
Domain Organizational Unit Full Control Access Rights Test Dynamic Pack checks how many Full Control Rights are assigned on each OU in each domain.
Domain Organizational Unit Everyone Full Control Access Rights Test Dynamic Pack checks if Everyone Account has assigned Full Control Permissions on any OU in each domain.
Active Directory Security and Compliance Checks
Assessment Pack Description
Domain Computers Stale Accounts Test Dynamic Pack gets stale computer accounts in each AD Domain. Test is considered failed if more than 100 stale computer accounts are found in a domain. The severity reported is High if more than 500 stale computers are found in the domain.
Domain Users Account Expired Test Dynamic Pack collects user accounts expired in each domain. The test is considered as High if more than 500 users have been found in each domain.
Domain Users Accounts Locked Out Test Dynamic Pack collects Locked Out User accounts in each domain.
Domain Computers Disabled Test Dynamic Pack gets disabled computer accounts in each AD Domain. Test is considered failed if more than 100 disabled computers are found in a domain.
Domain Users Stale Accounts Test Dynamic Pack collects Stale User accounts in each domain.
Domain Users Password Never Expire Test Dynamic Pack collects Password Never Expire users in each domain.
Domain Users Disabled Test Dynamic Pack gets disabled user accounts in each AD Domain. Test is considered failed if more than 100 stale user accounts are found.
Domain Computers Operating Systems Test Dynamic Pack checks to see how many Windows XP and Windows 7 and other OSes are there in each domain.
Default Administrator Account Test Dynamic Pack checks to see if the Default Administrator is not renamed and/or still enabled.
AD Domain Admin Failed Logon Attempts Dynamic Pack gets Bad Logon Attempts from Admins in each domain.
Domain Computers Bad Logon Attempts Test Dynamic Pack gets Bad Logon attempts from computer accounts in each domain.
Domain Users Bad Logon Attempts Test Dynamic Pack gets Bad Logon attempts from user accounts in each domain.
Domain Users UPN Not Specified Test Dynamic Pack gets users who do not have UPN specified.
Active Directory Time Synchronization Health Checks
Assessment Pack Description
AD Domain Controller Time Configuration Test Dynamic Pack checks to make sure Domain controllers are configured to sync time from Domain PDCs and all required registry entries are set correctly.

Office 365 Assessment is done in a total of eleven categories. Below table defines the categories and checks which are performed in each category. Please note IT Profiler Office 365 Assessment is different from Office 365 Security Score.

Office 365 Users Licensing
Assessment Pack Description
Office 365 Users Licensing Test Dynamic Pack can be used to collect user licenses from Office 365 and check how many users require licenses.
Reporting Items: Exchange Online Mailbox Configured Policies
Assessment Pack Description
Office 365 Mailbox Role Assignment Policies Test Dynamic Pack checks Role Assignment Policies configured in Exchange Online.
Office 365 Mailbox Capabilities Test Dynamic Pack checks capabilities configured for mailboxes.
Office 365 Mailbox Retention Policies Test Dynamic Pack collects Retention Policies configured for mailboxes.
Office 365 Mailbox Audit Policy Test Dynamic Pack collects Audit Policies configured for mailboxes.
Office 365 Mailbox UsagesLocation Test Dynamic Pack checks usageslocation for each mailbox and provide a summary.
Office 365 Mailbox Max Send Policy Test Dynamic Pack collects Maximum Storage Send Policy in Office 365
Office 365 Mailbox Max Receive Policy Test Dynamic Pack collects Maximum Storage Receive Policy in Office 365
Office 365 Mailbox Types Test Provides list of Mailboxes configured in Office 365.
Reporting Items: Office 365 Groups
Assessment Pack Description
Office 365 Groups Without Members Test Checks to see if any Office 365 Groups have been created without any members.
Office 365 Groups Without Description Test Checks to see how many Groups do not have a description text set.
Reporting Items: Office 365 Configuration
Assessment Pack Description
Office 365 Domain Verification Test Checks to see if Domains are verified in Office 365.
Office 365 Domain Services Test Checks to see if Domains have Services assigned in Office 365.
Office 365 Subscription Status Test Checks Office 365 Subscription status.
Office 365 Domain Authentication Config Test Checks Authentication Configuration
Office 365 Notification Emails Test Checks to see if Technical Notification Emails are configured to receive notifications from Microsoft.
Reporting Items: Office 365 Dir Sync
Assessment Pack Description
Office 365 Dir Config Test Checks Dir Sync config in Office 365.
Office 365 Dir Sync Features Test Checks features configured for Directory Sync.
Reporting Items: Office 365 Users Empty Fields
Assessment Pack Description
Office 365 Users With Emtpy Department Field Test Dynamic Pack checks users with empty department in Office 365 Subscription.
Office 365 Users With Empty Country Field Test Dynamic Pack checks users with empty Country in Office 365 Subscription.
Office 365 Users With Empty Title Field Test Dynamic Pack checks users with empty title in Office 365 Subscription.
Office 365 Users With Empty StreetAddress Field Test Dynamic Pack checks users with empty Street Address in Office 365 Subscription.
Office 365 Users With Empty State Field Test Dynamic Pack checks empty state field in Office 365 Subscription.
Office 365 Users With Empty Phone Numer Field Test Dynamic Pack checks how many users have not been entered with Phone Number in Office 365 Subscription.
Office 365 Users With Empty Mobile Field Test Dynamic Pack checks users with empty Mobile field in Office 365 Subscription.
Office 365 Users with Empty UsageLocation Test Dynamic Pack checks users with blank location.
Office 365 Users With Empty PostalCode Field Test Checks to see how many users are not assigned a Postal Code.
Severity Items: Office 365 Users & Mailbox Security and Compliance Items
Assessment Pack Description
Office 365 Mailbox Storage Mailbox Policy Test Dynamic Pack provides Mailbox report.
Office 365 User Roles Test Checks to make sure Office 365 User Roles do not contain more than 10 members in each.
Office 365 Users Password Never Expires Test Dynamic Pack can be used to check how many users have been set their password not to expire.
Office 365 Users MFA Test This Dynamic Pack can be used to check MFA enabled users and how many users are enforced.
Exchange Online External Address forwarding Test Collects external forwarders configured in Exchange Online.
Exchange Online Litigation Hold Test Collects Litigation Hold for Exchange Online.
Exchange Online SPAM Test Dynamic Pack can be used to get SPAM Report from Exchange Online
Exchange Online Mailbox Auditing Test Checks to see if Mailbox Auditing is configured for Exchange Online.
Office 365 Users Strong Password Requirements Test Dynamic Pack checks users with weak password.
Office 365 Blocked Users Test Checks to see how many users are blocked in Office 365.
Office 365 Users Not Changed Password Test Checks to see how many users have not changed their passwords within 90 days.
Office 365 Users Without Group Membership Test Checks to see how many users have not been added to Groups.
Office 365 Users With Company Administrators Test Checks to see how many users have been added in Company Administrator Group.
Office 365 Users With Admins MFA Test Checks to see if all Admins in Office 365 have MFA enabled.
Office 365 Users Deleted and Licensed Test Checks to see if any deleted users have licenses assigned.
Office 365 License Consumption Test Checks to see how licenses are consumed in Office 365.
Office 365 Self Service Password Reset Test Checks to see if Self Service Password is enabled in Office 365.
Office 365 MFA Test Checks to see if MFA is enabled in Office 365.
Office 365 Organization Auditing Test Checks to see if Organization Auditing is enabled in Office 365.
Office 365 Mailbox Storage Warning Test Dynamic Pack provides Mailbox report.
Office 365 Exchange Online Modern Authentication Test Checks to see if Modern Authentication is enabled in Office 365.
Office 365 Exchange Online Privileged Access Management Test Checks status of PAM in Office 365.
Office 365 Exchange Online Admin Auditing Test Checks status of Admin Auditing.
Office 365 Exchange Online Admin Success and Failure Attempts Checks to see if there are any failure attempts from Admins when accessing Office 365 objects.
Office 365 Exchange Online External Access Admin Success and Failure Attempts Checks to see if there are any failure attempts from Admins when accessing Office 365 objects from external network.
Severity Items: Office 365 Users Deleted/Disabled/Sync Test
Assessment Pack Description
Office 365 Users Deleted Test Checks how many users have been deleted recently.
Office 365 Users Disabled Test Dynamic Pack can be used to check how many users are disabled in Azure
Office 365 Users Sync Test Dynamic Pack can be used to check Azure Users Synchronization status.
Severity Items: Office 365 Users Reconciliation/Provisioning
Assessment Pack Description
Office 365 Users Reconciliation Test Checks to see if any users require License Reconciliation.
Office 365 Users Provisioning Test Dynamic Pack checks how many users have not been provisioned in Office 365 Subscription.
Severity Items: Exchange Online Mailbox Inactive/Deleted/Hidden/Sync Items
Assessment Pack Description
Office 365 Inactive Mailbox Test Dynamic Pack can be used to check Mailbox Last Logon time provides a report on users who have been inactive.
Office 365 Deleted Mailbox Test Dynamic Pack provides Inactive Mailbox.
Office 365 Mailbox Sync Test Dynamic Pack checks how many mailboxes are not syncing.
Office 365 Mailbox Hidden From Address List Test Dynamic Pack provides mailboxes which are hidden from the address list.
Severity Items: Office 365 Dir Sync
Assessment Pack Description
Office 365 Dir Sync Property Conflict Test Checks to see if there are any Dir Sync conflicts.
Office 365 Dir Sync Property Conflict with User Principal Name Test Checks to see if there are any Dir Sync Property Conflicts for User Principal Names.
Office 365 Dir Sync Property Conflict with ProxyAddress Test Checks to see if there are any Dir Sync Property Conflicts for User Principal Names.

Microsoft DHCP Server Assessment is done in a total of five categories. Below table defines the categories and checks which are performed in each category.

DHCP Server Health Checks
Assessment Pack Description
DHCP Database Size Test Dynamic Pack is used to check DHCP Database size.
DHCP Server Disk Space Test Checks to see if NAP is enabled on the DHCP Servers.
Microsoft DHCP Server Scope Health Checks
Assessment Pack Description
DHCP Scope Inactive Test Dynamic Pack checks DHCP Inactive scopes and report the name of the Scopes.
DHCP Lease Duration Test Dynamic Pack checks DHCP Lease duration configured in each scope.
DHCP Empty Scope Test Dynamic Pack can check if any empty scope that is not being used.
DHCP Scope Use Test Dynamic Pack checks the percentage in use for each DHCP Scope on each DHCP Server.
DHCP Server V4 Scope Reservation Test Checks to see how many Scopes on each DHCP Server do not have Reservation configured
DHCP Server V4 Scope Exclusion Test Checks to see how many Scopes on each DHCP Server do not have Exclusion configured.
DHCP Server All Scopes Use Test Checks to see if NAP is enabled on the DHCP Servers.
DHCP Server All Scopes Not In Use Test Checks to see if NAP is enabled on the DHCP Servers.
Microsoft DHCP Server Settings Health Checks
Assessment Pack Description
DHCP Server Auditing Test Dynamic Pack checks if DHCP auditing is enabled on the Servers.
DHCP Server Logging Test Dynamic Pack checks DHCP Logging on each DHCP Server.
DHCP Server Backup Path Test Checks DHCP Database backup location.
DHCP Server Dynamic Updates Test Dynamic Pack checks DNS Settings configured on the DHCP Servers.
DHCP Server Conflict Detection Settings Test Checks to see if Conflict Detection is enabled and the value.
DHCP Server Authorization Test Checks to make sure all DHCP Servers are authorized in the domain.
DHCP Server Versions Test Checks to see if NAP is enabled on the DHCP Servers.
Microsoft DHCP Server NAP Health Checks
Assessment Pack Description
DHCP Server NAP Enabled Test Checks to see if NAP is enabled on the DHCP Servers.
Microsoft DHCP Server Event Log Health Checks
Assessment Pack Description
DHCP Server Event Log Test Checks event logs on DHCP Servers to see if there are any errors or warnings.

Microsoft Cyber Security Assessment is done in a total of nine categories. Below table defines the categories and checks which are performed in each category.

Active Directory Accounts Securtiy Checks
Assessment Pack Description
Get AD Administrative Security Groups Count Dynamic Pack collects members count of Domain Admin Security Group in each domain.
Get AD Domain Security Group Membership Dynamic Pack Collects Domain Security Group Memembership from all domains. Dynamic Pack checks to see Security Groups to query in DomainGRP.DPC file. One Security Group per line needs to be specified for this Dynamic Pack to work.
Domain Computers Stale Accounts Test Dynamic Pack gets stale computer accounts in each AD Domain. Test is considered failed if more than 100 stale computer accounts are found in a domain. The severity reported is High if more than 500 stale computers are found in the domain.
Domain Users Account Expired Test Dynamic Pack collects user accounts expired in each domain. The test is considered as High if more than 500 users have been found in each domain.
Domain Users Accounts Locked Out Test Dynamic Pack collects Locked Out User accounts in each domain.
Domain Computers Disabled Test Dynamic Pack gets disabled computer accounts in each AD Domain. Test is considered failed if more than 100 disabled computers are found in a domain.
Domain Users Stale Accounts Test Dynamic Pack collects Stale User accounts in each domain.
Domain Users Password Never Expire Test Dynamic Pack collects Password Never Expire users in each domain.
Domain Users Disabled Test Dynamic Pack gets disabled user accounts in each AD Domain. Test is considered failed if more than 100 stale user accounts are found.
Default Administrator Account Test Dynamic Pack checks to see if the Default Administrator is not renamed and/or still enabled.
Active Directory Domain GPO Security Checks
Assessment Pack Description
Domain OU with No GPO Linked Test Dynamic Pack collects Ous which have not been linked to any GPOs. Dynamic Pack is executed against each domain.
Active Directory Servers Security Checks
Assessment Pack Description
Domain Controller Up Time Test Dynamic Pack executes to check Up Time for all domain controllers and report failure if any of the domain controllers have not been rebooted since last 30 days.
Active Directory DNS Domain Zone Security Checks
Assessment Pack Description
AD Domain Zone Secure Test Dynamic Pack checks Zone secure status.
Active Directory Security Groups Security Checks
Assessment Pack Description
Domain Administrative Security Groups Test Dynamic Pack checks how many members have been assigned to each administrative security group. Dynamic Pack uses DomainAdminGRP.DPC to count the member of Security Groups in each domain.
Domain Security Groups with No Members Test Dynamic Pack collects Security Groups without members in each domain.
Active Directory Failed Logon Attempts Security Checks
Assessment Pack Description
AD Domain Admin Failed Logon Attempts Dynamic Pack gets Bad Logon Attempts from Admins in each domain.
Domain Users Bad Logon Attempts Test Dynamic Pack gets Bad Logon attempts from user accounts in each domain.
Endpoint Security Checks
Assessment Pack Description
Endpoint OS Version Test Dynamic Pack gets users who do not have UPN specified.
Endpoint Antivirus Test Dynamic Pack gets users who do not have UPN specified.
Endpoint Firewall Test Dynamic Pack gets users who do not have UPN specified.
Endpoint Installed Applications Test Dynamic Pack gets users who do not have UPN specified.
Domain Users UPN Not Specified Test Dynamic Pack gets users who do not have UPN specified.
Active Directory Organizational Units Security Checks
Assessment Pack Description
Domain Organizational Unit Full Control Access Rights Test Dynamic Pack checks how many Full Control Rights are assigned on each OU in each domain.
Domain Organizational Unit Everyone Full Control Access Rights Test Dynamic Pack checks if Everyone Account has assigned Full Control Permissions on any OU in each domain.
Active Directory Domain Account Policies Security Checks
Assessment Pack Description
Domain Account Policies Test Gets Domain Account Policies such as Password and other account policies.