What gets assessed
A good AD assessment looks at users, groups, computers, domain controllers, service accounts, delegation, trust relationships, sessions, password policy, audit coverage, and cloud identity connections where relevant.
The goal is not to produce the longest list of issues. The goal is to identify which identity weaknesses create realistic paths to high-impact control.
- Who can administer Tier Zero systems?
- Which ordinary accounts sit on paths to privileged access?
- Which stale groups, sessions, or delegated rights create risk?
- Which fixes remove the most attack paths first?
Run the assessment locally
Turn identity and network evidence into a report while you test.
Zypheron Desktop keeps scan output, AD and cloud paths, notes, and report views in one local workspace for lean internal teams.
How it differs from vulnerability scanning
A vulnerability scan may find missing patches and exposed services. An AD assessment asks how identities and privileges combine. A low-severity configuration issue can become critical when it sits on a path to a domain controller.
That makes evidence structure important. The report should show the path logic, not just the misconfiguration name.
What the deliverable should contain
The best deliverable separates executive risk from technical remediation while keeping both traceable. Leaders need impact and priority. Administrators need the account, object, edge, command output, screenshot, and fix path.
Zypheron helps by keeping assessment evidence and report views connected instead of treating the report as a separate final-day project.