Operations to perform
This step requires in input a file describing the organization of the Active Directory domains. This information can be an empty file at the start and this file can be completed after each run. The procedure to create it is described below.
- Create an empty configuration file
- Run the advanced consolidation to create the Excel report
- Use the information provided in the report to complete the configuration file
- Iterate to the 2nd step until all domains have been assigned to an owner
- Produce the PowerPoint report
Run the program PingCastleReporting and enter “template” in the interactive mode. An empty ad_gc_entitymap.xlsx will be created. As an alternative, run the command:
The configuration file contains 3 sheets:
- The sheet “Domains” making the link with a domain and its owner
The 2 mandatory columns are : BU and Domain. Entity, Contact or Comment can be left blank.
- The sheet “Migrations” to not impact the score of an AD being officially migrated
- The sheet “Exceptions” to deal with false positive or with situation whose risks have been accepted
The individual scores of the domains will be recomputed to take the information of the sheet “Migrations” and “Exceptions” into account. For example the rules about SID Filtering or SID History.
Generation of the Excel report
Run the program PingCastleReporting and enter in the interactive mode “conso”. As an alternative, run the command:
The program will load the file ad_gc_entitymap.xlsx in the current path and produce the Excel file ad_gc_summary_group.xlsx. It will also produce the maps described at the previous chapter.
The file ad_gc_summary_group.xlsx is an Excel file composed by many sheets:
- The sheet BU and entity contains information related to the BU level or the Entity level.
- The sheet Domains contains the detailed information related to the domains’ scores combined with the information specified in the configuration file.
- The sheet Trusts contains the detailed information related to the trusts.
- The sheet Discovered AD displays the domains found and their probable assignation. This information can be used to complete the configuration file.
- The sheet Migrations summarize the migration of users or computers between domains. It helps setup the Migrations sheet of the configuration file to be able to tune the configuration and adjusts the score in consequence.
Generation of the PowerPoint report
Run the program PingCastleReporting and enter in the interactive mode “overview”. As an alternative, run the command:
The program will load the file ad_gc_entitymap.xlsx in the current path and produce the Powerpoint file ad_gc_overview.pptx.
The template used to generate can be exported with the flag –export-pptx-template, modified, then loaded using the flag –use-pptx-template. Only slides with special notes will be altered.