EN FR
SYAGA Consulting - IT Security & Compliance Expertise
contact@syaga.fr
New - Multi-Framework Active Directory Audit

AD Scanner - Active Directory Audit
Multi-Framework

357 modules, 4 frameworks: a multi-framework Active Directory audit. APT detection, ADCS analysis and dual SYAGA + ANSSI scoring for every finding.

357 modules
4 frameworks
APT APT Detection
2x Dual scoring

The context

Active Directory is at the heart of enterprise identity management. A regular, multi-framework audit precisely measures its hardening level.

🔍
Identities

AD centralises accounts, groups and access rights across the information system

📊
Partial

free tools only cover a fraction of the control points

🔒
ESC1-ESC16

Certificate Services (ADCS) add 16 specific control points

📜
NIS2 + GDPR

require a regular audit of the corporate directory

The AD Scanner solution

An Active Directory scanner built for demanding auditors: exhaustive coverage, advanced detection and multi-framework scoring.

📋

Multi-Framework Audit

Aligned with ANSSI, GDPR, NIS2 and ISO 27001

🕷

APT Detection

Identification of Nobelium, APT29, APT28 markers in your AD

🔒

ADCS Analysis

Exhaustive verification of the 16 ESC vulnerabilities in Certificate Services

Key features

AD Scanner combines exhaustive coverage, threat intelligence and actionable scoring for an uncompromising Active Directory audit.

🛠

357 verification modules

Complete coverage: users, groups, GPOs, ADCS, DNS, replication. Each module tests a precise control point with reference to the source standard.

📈

Dual SYAGA + ANSSI scoring

Each finding receives a SYAGA score (0-100) and an ANSSI level (1-5). Two complementary perspectives to prioritise remediation.

🕷

APT persistence detection

Identification of advanced attack markers: Golden Ticket, Silver Ticket, DCSync, DCShadow. Based on MITRE ATT&CK.

📄

Executive + technical report

Executive PDF report (summary, KPIs, charts) + detailed technical report with a prioritised remediation plan and an Excel export of findings.

Standards & compliance

AD Scanner covers the main Active Directory security frameworks required by European regulations and international best practices.

ANSSI AD Hardening
ANSSI AD Security
GDPR Art.32
NIS2
ISO 27001
MITRE ATT&CK

Our plans

Choose the plan that fits your needs. All plans include a full scan of your Active Directory.

Coming soon online - contact us for a personalised quote

Express

1,990 EUR
excl. VAT / domain
  • Full 357-module scan
  • Executive + technical PDF report
  • Excel export of findings
  • Dual SYAGA + ANSSI scoring
  • Delivered within 48 hours
  • 15-day email support
Talk to an expert

Premium

7,990 EUR
excl. VAT / domain
  • Everything in Standard, plus
  • Full audit + guided remediation
  • Unlimited rescans
  • 6-month follow-up
  • Dedicated point of contact
  • Remediation workshop (remote)
Talk to an expert

Frequently asked questions

Answers to the most common questions about AD Scanner.

Do you need Domain Admin access?
No, an account with Active Directory read rights is enough. AD Scanner runs in read-only mode and requires no administrative privileges on the domain. A standard user account with read access to the directory is sufficient.
Does the scan impact the domain?
No, AD Scanner is 100% read-only. No changes are made to your Active Directory during the scan. LDAP queries are optimised to minimise the load on domain controllers.
Does the scan support multi-domain and multi-forest environments?
Yes, AD Scanner performs a cross-cutting scan analysing trust relationships between domains and forests. Vulnerabilities related to misconfigured trusts are specifically detected.
Is AD Scanner compatible with Azure AD / Entra ID?
AD Scanner covers on-premises Active Directory (AD DS). For auditing Entra ID (formerly Azure AD), our SYAGA Audit product offers dedicated coverage. The two products are complementary for a hybrid environment.
How long does the scan take?
Between 15 and 45 minutes depending on the size of the domain (number of objects, GPOs, sites). Results are available immediately after the scan. The final report is delivered within 48 hours after review by our experts.
What format is the report?
You receive three deliverables: an executive PDF report (management summary with KPIs and charts), a detailed technical PDF report (every finding with scoring, evidence and remediation), and an Excel export of all findings for operational follow-up.

We move forward together

We do things together. But you can already get started on your own.

You do part of it yourself, we take over whenever you decide. You choose your plan and your level of support.

1On your own

Self-service tools

Audit tools and chatbots, available instantly. You measure, test and understand for yourself, with nothing to install.

2AI-augmented

Agents that collect and analyse

Collection and analysis agents, powered by more advanced AI. The platform digs, correlates and prioritises on your behalf.

3With our experts

Access to our experts

Our experts run the platform with you. They decide, step in and support you over the long term. That's where success is built.

You remain free at every step. If you keep working with us, it's because we're useful and relevant, never through pressure.

Measure the state of your Active Directory

Talk to an expert about AD Scanner. Response within 24 hours.