User accounts with DCSync permissions are reviewed at least annually, and those without an ongoing requirement for the permissions have them removed.
Topic
Microsoft Active Directory Domain Services account hardening
Applicable to
all
History
Sep 2024
User accounts with DCSync permissions are reviewed at least annually, and those without an ongoing requirement for the permissions have them removed.
A new control was added recommending that user accounts with DCSync permissions be reviewed at least annually, and those without an ongoing requirement for the permissions have them removed.