Active Directory Domain Security Trust Reports

Active Directory Security Trusts play a mission-critical role in facilitating access between Active Directory domains and forests. The need to have insight into their state and security is thus vital to organizational security, and Security Trust Reports provide organizations this vital insight.

ACTIVE DIRECTORY SECURITY TRUST REPORTS

The following is a list of the Top-10 Active Directory Domain Security Trust Reports that are vital for security and generally required for security auditing and to demonstrate regulatory compliance –

I. Security State Reports –

   The following Active Directory Trust reports provide insight into the security state of these trusts –

1. All trust relationships
2. All recently commissioned trust relationships (i.e. created in the last few days)
3. All recently modified trust relationships (i.e. changed in the last few days)
4. All enabled trust relationships
5. All disabled trust relationships
6. All external trust relationships
7. All cross-forest trust relationships
8. All trust relationships to Kerberos realms
9. All trust relationships for which SID filtering is disabled
10. All trust relationships for which Selective Authentication is enabled

II. Delegated Administrative Access Reports –

   The management of Active Directory trusts is a highly-sensitive and mission-critical operation and
   authority to perform Active Directory Security Trust Management tasks must never be delegated.

How to Generate these Group Reports:

   Organizations generally have two predominant reporting options to fulfill their AD reporting needs,
   and most prefer to use reporting tools, especially to fulfill their delegated access reporting needs.

   The Microsoft-endorsed Gold Finger Active Directory reporting tool can also generate these reports.