Microsoft Active Directory | Insights

Find dormant privileged AD accounts

As an admin, you suspect that some on-prem AD accounts haven’t been used in months and hold high privileges.

Walkthrough

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the top left of the page, click > Insights > Accounts.
    The Accounts page displays.

  3. Set these filters:
    Provider = Microsoft Active Directory
    Type = Dormant

  4. Sort by the True Privilege column. Select Highest and High.

  5. Drill into any dormant accounts flagged with high or highest privilege.

How does this information help?

  • Dormant privileged accounts are prime backdoors for attackers.
  • Provides instant hygiene visibility without scripting or AD PowerShell queries.

What can you do?

  • Disable or delete unused accounts.
  • In break glass scenarios, where emergency access to privileged AD accounts is needed, preserve these accounts by managing them securely through Password Safe or JIT provisioning.

Detect duplicate passwords across AD accounts

As an admin, you want to check whether users are reusing the same password across multiple AD accounts, including standard, admin, service, and other privileged or non-privileged accounts.

Walkthrough

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the top left of the page, click > Insights > Reporting.
    The Reports page displays.

  3. Go to Reports > Password Integrity > Shared Passwords.

  4. Set these filters:
    Provider = Microsoft Active Directory

  5. Review accounts with shared or duplicated credentials, especially those with high privilege.

How does this information help?

  • Exposes the “same password across user + admin account” risk.
  • Shows blast radius if one compromised credential unlocks multiple accounts.

What can you do?

  • Reset shared passwords.
  • Enforce policies requiring unique credentials across all account types.

Prioritize compromised AD credentials

As a security admin, you’ve been alerted that some AD accounts have compromised credentials. You want to see the accounts with the most risk.

Walkthrough

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the top left of the page, click > Insights > Recommendations.
    The Recommendations page displays.

  3. Filter for compromised in Active Directory. (Recommendation name = Account with compromised password)

  4. Drill into highest-privileged compromised accounts first.

How does this information help?

  • Focuses triage on accounts where compromise = maximum damage.
  • Cuts through noise: not every leaked credential is equal.

What can you do?

  • Reset compromised credentials immediately.
  • Investigate potential lateral movement if privileged accounts were exposed.

Trace cross-domain escalation paths (AD ↔ Entra ID)

You’re concerned that synced accounts between AD and Microsoft Entra ID could provide unexpected escalation.

Walkthrough

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the top left of the page, click > Insights > Dashboards.
    The Identity Security Insights page displays.

  3. Click View Escalation Paths.
    The Entitlements page displays.

  4. Filter for cross-domain = Active Directory ↔ Entra ID.

  5. Review paths where a compromised cloud account unlocks domain admin rights on-prem.

How does this information help?

  • Shows why hybrid identity = hybrid risk.
  • Makes password sync + privilege inheritance transparent.

What can you do?

  • Harden synchronization and group memberships.
  • Break risky domain admin assignments tied to synced accounts.

Audit privileged service accounts

As a security admin, you want to understand which non-human AD accounts hold high levels of privilege.

Walkthrough

  1. Sign into app.beyondtrust.io.
    The BeyondTrust Home page displays.

  2. From the top left of the page, click > Insights > Accounts.
    The Accounts page displays.

  3. Set these filters:
    Provider = Active Directory
    Account type = Service Account

  4. Sort by the True Privilege column. Select Highest and High.

  5. Drill into entitlements to see which services have domain admin or equivalent rights.

How does this information help?

  • Surfaces overprivileged service accounts, which are a common issue in large enterprises.
  • Makes it easy to differentiate between legitimate service needs vs. excessive privilege.

What can you do?

  • Remove unnecessary roles from service accounts.
  • Are you using BeyondTrust Password Safe? Transition critical service accounts into Password Safe for better control.
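
To cross-check the dormant-account and service-account findings above directly against the directory, the following added example (not BeyondTrust code or output) lists enabled members of privileged groups that are dormant or carry a service principal name. The 90-day threshold, the group list, and the use of an SPN as a service-account heuristic are assumptions; the result reflects group membership only, not the product's True Privilege score.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$DormantDays      = 90   # assumed threshold; the page does not define "dormant"
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'  # assumed list
$cutoff           = (Get-Date).ToUniversalTime().AddDays(-$DormantDays)

# Expand each group recursively so nested membership is included.
$members = foreach ($group in $PrivilegedGroups) {
    try {
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object objectClass -eq 'user' |
            Select-Object distinguishedName, @{ n = 'ViaGroup'; e = { $group } }
    }
    catch {
        # Forest-wide groups do not exist in child domains; skip and continue.
        Write-Warning "Skipping group '$group': $($_.Exception.Message)"
    }
}

$report = $members | Group-Object distinguishedName | ForEach-Object {
    $user = Get-ADUser -Identity $_.Name `
        -Properties lastLogonTimestamp, servicePrincipalName, PasswordLastSet
    # lastLogonTimestamp replicates between DCs but is only refreshed every
    # 9-14 days by default, so treat it as approximate. Empty = no recorded logon.
    $lastLogon = if ($user.lastLogonTimestamp) {
        [DateTime]::FromFileTimeUtc($user.lastLogonTimestamp)
    } else { $null }

    [pscustomobject]@{
        SamAccountName  = $user.SamAccountName
        Enabled         = $user.Enabled
        Groups          = ($_.Group.ViaGroup | Sort-Object -Unique) -join '; '
        LastLogonUtc    = $lastLogon
        Dormant         = (-not $lastLogon) -or ($lastLogon -lt $cutoff)
        HasSPN          = $user.servicePrincipalName.Count -gt 0   # heuristic only
        PasswordLastSet = $user.PasswordLastSet
    }
}

# Enabled privileged accounts that are dormant or look like service accounts.
$report |
    Where-Object { $_.Enabled -and ($_.Dormant -or $_.HasSPN) } |
    Sort-Object LastLogonUtc |
    Format-Table -AutoSize
```

Group managed service accounts are not user objects and are not covered by this query.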
