1. Introduction
Active Directory (AD) is the backbone of identity and access management in most Windows-based environments. It acts as the central directory service organizations rely on to manage users, computers, and permissions in a secure, structured way.
Nearly every application and tool connects to AD — whether for authentication, directory browsing, or single sign-on (SSO). This makes AD incredibly powerful, but also a prime target: it holds sensitive information such as usernames and passwords, network structure details, and access rights and permissions.
Because AD is the "keyring" of the organization, attackers who gain access to it can potentially unlock critical systems and data. That's why integrating Active Directory with the Cye Exposure Management Platform is so valuable: it surfaces weaknesses in AD configuration and usage, tying them directly to business risk.
2. Prerequisites
Make sure you have:
Access to the Cye platform.
Administrator permissions in the Cye platform.
An Active Directory environment.
You'll also need a machine for the on-prem connector that has access to AD (but is not a domain controller) and has Docker Engine installed, plus a read-only AD account for the connector user.
Required IP Addresses
Allow traffic from the Cye platform's servers in your firewall or network configuration:
General IPs:
Europe → 18.198.79.197
America → 52.1.10.176, 35.171.70.87
IPs for Azure and AWS Scans:
Europe → 18.158.77.90
America → 34.206.252.13
How the Integration Works
The Cye platform connects to AD through an on-premises connector, which collects vulnerability data from AD every 24 hours and acts as a secure mediator — the Cye platform never accesses AD directly.
Group Management and Integrations
Integrations are created only at the subsidiary level. Findings from an integration appear only in that subsidiary's dashboards and reports. Parent companies cannot create integrations — they can only view aggregated results.
3. Configuring on the Active Directory Side
Open the Integration Settings
In the Cye platform, navigate to Integrations → Data Integrations.
Find the Active Directory card and click Add.
Enter Your Active Directory Details
Fill in the required fields (marked with a red asterisk): LDAP Username, LDAP Password, and Domain Name. Optional fields include Domain controller FQDN, Domain controller IP, LDAP port, and Use LDAP over SSL.
Click Validate to confirm the details.
Click Save to continue.
Download the Configuration File
Click Download to get the configuration file.
This file enables the Cye platform to install the connector locally.
Installing the On-Prem Connector
Install the connector on a machine that has access to AD — do not install on a domain controller.
Component | Requirement |
CPU | 64-bit kernel, 4 CPU / 8 vCPU |
Memory | 4 GB minimum |
Operating System | 64-bit Ubuntu, Debian, or CentOS |
Networking | Outbound TCP/443 to AWS API Gateway |
Firewall (AD only) | MSRPC 135, SMB 445, LDAP 389, LDAPS 636 |
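The requirements in the table above can be checked on the connector host before you run the installer. The script below is an added example, not part of the Cye platform or its installer; the function names, the `DC_HOST` variable, the 10% memory slack and the list of 64-bit machine names are assumptions. The outbound TCP/443 check is left out because this page does not give the API Gateway hostname.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the connector host (not Cye's script).
# Usage: DC_HOST=<domain controller FQDN or IP> ./preflight.sh

MIN_MEM_KB=$((4 * 1024 * 1024 * 9 / 10))  # 4 GB minus 10% slack (assumption):
                                          # MemTotal excludes kernel-reserved RAM

# 64-bit kernel? Takes the output of `uname -m`; accepted names are an assumption.
arch_ok() { case "$1" in x86_64|amd64|aarch64|arm64) return 0 ;; *) return 1 ;; esac; }

# At least 4 GB of memory? Takes MemTotal in kB.
mem_ok() { [ "$1" -ge "$MIN_MEM_KB" ]; }

# Service name for each AD port in the requirements table.
port_label() {
  case "$1" in
    135) echo MSRPC ;; 445) echo SMB ;; 389) echo LDAP ;; 636) echo LDAPS ;;
    *) return 1 ;;
  esac
}

# TCP connect test with a 3-second timeout; host and port are passed as
# arguments to the inner shell, never interpolated into its command string.
tcp_open() { timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; }

preflight() {
  dc="$1"; fail=0
  arch_ok "$(uname -m)" || { echo "FAIL: kernel is not 64-bit"; fail=1; }
  mem_ok "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" \
    || { echo "FAIL: less than 4 GB memory"; fail=1; }
  command -v docker >/dev/null 2>&1 || { echo "FAIL: Docker Engine not found"; fail=1; }
  for p in 135 445 389 636; do
    if tcp_open "$dc" "$p"; then echo "ok:   $dc:$p ($(port_label "$p"))"
    else echo "FAIL: $dc:$p ($(port_label "$p")) unreachable"; fail=1; fi
  done
  return "$fail"
}

# Runs only when DC_HOST is set, so sourcing the file has no side effects.
if [ -n "${DC_HOST:-}" ]; then preflight "$DC_HOST"; fi
```

A non-zero exit status means at least one requirement failed; the `FAIL:` lines say which one.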
4. Configuring in the Cye platform
Copy and run each command line shown in the platform in your terminal. Once complete, you'll see a green "Running" message confirming success.
Note: The script is available for download for one hour only.
5. Viewing Results
Findings collected from Active Directory appear on the Cye platform's Findings page, updated every 24 hours. To filter: go to Findings, open the filter panel, and select Source → Active Directory.
Note: Active Directory findings do not support Auto-Fix. Remediation statuses must be updated manually.
6. Types of Fetched Entities
The Cye platform identifies findings related to AD configuration and usage issues, each linked to NIST subcategories. Examples include: high-risk maintenance procedures, insufficient security update policies, use of outdated technologies, excessive permissions, insufficient Kerberos hardening, and unused domain accounts.
7. Deleting the Integration
In the Cye platform, click Delete Integration and confirm.
To uninstall the connector from your machine:
/home/$USER/cye/integrations/cye-integration-agent.sh --uninstall
To edit the integration, click Edit Integration, make your changes, click Save, and download a new script.
Wrap-up
With the Active Directory integration in place, the Cye platform surfaces AD risks directly in your findings and maturity assessment — giving you clearer visibility and focused steps toward stronger cyber resilience.
