Active Directory - AD Rating®
Microsoft reports 95 million attack attempts targeting Active Directory accounts every single day. Taking control of a Microsoft domain controller often means taking control of the entire information system. Cybercriminals exploit vulnerabilities and misconfigurations across numerous attack paths to escalate privileges and reach critical resources.
AD Rating® enables you to:
Microsoft Active Directory domain controllers centralize the management of identities, access rights, and critical permissions across the entire organization. This central role makes them the primary target for cybercriminals: compromising the directory service opens unrestricted access to the entire information system.
The market has taken notice: according to the CESIN 2025 Barometer, 92% of large enterprises have deployed or are planning to deploy an Active Directory security posture monitoring solution. The question is no longer whether AD needs to be secured, but how to do it effectively and continuously.
Exposed privileged accounts — providing unrestricted access to the entire infrastructure
Misconfigured GPOs — facilitating privilege escalation and attack propagation
Misconfigured delegations and access rights — opening lateral attack paths to critical resources
AD Rating® provides a complete, continuous view of your Active Directory and domain controller security. The solution detects critical vulnerabilities, prioritizes remediation actions, and facilitates governance — whether for a single organization or a multi-subsidiary group operating across multi-domain and multi-forest environments. Its unique AD maturity indicator, the Active Directory security score 0–1,000, enables you to objectively measure your protection level and track your progress over time.
AD Rating® performs in-depth analysis of all known attack vectors on Active Directory:
Available in French, English, German, Italian, and Spanish — designed for international organizations.
.png)
AD Rating® focuses on the security of your on-premises Active Directory. To assess and monitor the security of your Microsoft 365 and Microsoft Entra ID environment, discover 365 Rating®, our dedicated solution.
Traditional Active Directory audits — whether one-time engagements conducted by consultants, homemade PowerShell scripts, or open-source tools — present structural limitations against today's threat landscape.
| Criterion | AD Rating® | One-Time Audit / Homemade Scripts |
|---|---|---|
| Analysis frequency | ✅ Continuous, real-time | One-time (1x/year) |
| Coverage | ✅ 170+ controls across 11 axes validated by our offensive security team |
✅ Variable, must be configured |
| Attack path detection | ✅ Yes, compromise scenarios identified | |
| Synthetic score / indicator | ✅ Score 0–1,000 | ❌ None |
| Executive reports | ✅ Yes, automated | ❌ Manual drafting |
| Multi-domain / multi-subsidiary | ✅ Native | ❌ Complex to consolidate |
| Hybrid environments (Entra ID / 365 Rating®) |
✅ Covered | ❌ Often excluded |
| Prioritized remediation | ✅ Yes, with criticality level | ✅ Often available |
| NIS2 / DORA / ISO 27001 compliance | ✅ Built-in control points | ❌ Must be built manually |
AD Rating® brings a fundamentally different approach:
Download the AD Rating® installer and retrieve your API key from the Board of Cyber platform
Install the AD Rating® agent on a machine in your IT environment that belongs to the AD domain being assessed. The machine does not need to be a domain controller and does not require specific administrator rights
Enter the agent-specific API key to complete the installation
The agent performs measurements and periodically sends the collected data to the platform. The agent must be able to connect to the AD Rating SaaS platform via the internet
Discover risks, scores, and recommendations directly on the Board of Cyber platform
❝ A poorly secured Active Directory is a prime target for cybercriminals, yet the issue is often underestimated. AD Rating® helped us structure our approach very precisely: managing privileged accounts, identifying critical weaknesses, prioritizing actions. It is a highly operational tool, but also an excellent governance tool. It makes visible risks that would otherwise be difficult to quantify and manage — and helps build a culture of rigor and continuous improvement. ❞
Samuel Bafourd, CIO at Seven2
Reduce your attack surface and protect critical resources with continuous analysis of your Microsoft Active Directory configuration.
Identity is the cornerstone of information system security. AD Rating® provides continuous monitoring of user accounts, privileged accounts, and sensitive access rights.
NIS2, DORA, and ISO 27001 place identity and access security at the heart of compliance requirements. AD Rating® generates the evidence and reports needed for your audits.
For international groups, investment funds, or managed service providers, AD Rating® enables continuous assessment and monitoring of the Active Directory security of your subsidiaries, partners, or clients.
An Active Directory audit is a thorough analysis of the configuration, access rights, privileged accounts, and security policies of a Microsoft Active Directory environment. Its goal is to identify vulnerabilities, misconfigurations, and potential attack paths before a cybercriminal exploits them. An audit can be conducted periodically by a consultant or, as with AD Rating®, continuously and automatically.
Active Directory centralizes all identities, access rights, and permissions across an organization. Compromising it means taking full control of the information system. Microsoft reports 95 million attack attempts targeting Active Directory accounts every day — a daily pressure that only continuous monitoring can absorb. This is why AD is systematically involved in the early stages of advanced cyberattacks: once a domain controller is compromised, an attacker can move freely across the network, escalate privileges, and reach all critical resources.
PingCastle and BloodHound are useful tools for one-time analyses, often used during penetration tests or manual audits. AD Rating® is a SaaS platform built for continuous operational use: it automates analysis on a control baseline fully managed by Board of Cyber, with no configuration or AD expertise required on your end. AD Rating® generates an Active Directory security score readable by executive leadership, prioritizes remediations, and produces reports tailored for both technical teams and the C-suite. It is designed for teams that need to manage their AD security over the long term, not just assess it occasionally.
Securing an Active Directory relies on several pillars: reducing the number of privileged accounts and implementing a tiering model, hardening domain controller configurations, controlling delegations and access rights, keeping systems up to date, and regularly auditing GPOs. But AD security is not a fixed state — it is a continuous process. Configurations drift, accounts accumulate, and new vulnerabilities emerge. That is precisely why a continuous audit solution like AD Rating® is more effective than an annual audit.
AD Rating® is designed for any organization running Active Directory, regardless of size. While large enterprises benefit from multi-domain and multi-subsidiary features, SMBs and mid-market companies also gain from the clear score, prioritized recommendations, and ease of deployment — with no need for a dedicated security team to interpret the results.
Yes. NIS2 and DORA require organizations to demonstrate active management of identity and access risks. AD Rating® integrates the critical control points associated with these regulations, generates exportable reports for use during audits, and enables documentation of continuous security posture improvement — three key elements for satisfying regulatory requirements.
