Managing domains

Handle complex environments
Home » Documentation » Managing domains

PingCastle supports very complex environment by allowing the entry of context information such as the BU or Entity owning the domain, its status or many other information such as user migrations between domains.

Don’t forget to look at PingCastle Enterprise for a more robust governance process!

Prerequisites

h

Inventory input

The list of domains that are already known in the FQDN form and their owner

Z

Approved exceptions

No model is perfect and need sometimes to be tuned

Build it

The special file ad_gc_entitymap.xlsx is used to provide business input to PingCastle reports.

Run the program PingCastleReporting and enter “template” in the interactive mode. An empty ad_gc_entitymap.xlsx will be created. As an alternative, run the command:

PingCastleReporting.exe --gc-template
Download an example

The configuration file contains 3 sheets:

  1. The sheet “Domains” making the link with a domain and its owner
    The 2 mandatory columns are : BU and Domain. Entity, Contact or Comment can be left blank.
  2. The sheet “Migrations” to not impact the score of an AD being officially migrated
  3. The sheet “Exceptions” to deal with false positive or with situation whose risks have been accepted

The individual scores of the domains will be recomputed to take the information of the sheet “Migrations” and “Exceptions” into account. For example the rules about SID Filtering or SID History.