Spot weaknesses in Active Directory before attackers do with Purple Knight.

→ #1 AD assessment tool → 23,000+ downloads → 150+ security indicators → 45% attack surface reduction

Active Directory (AD) holds the “keys to the kingdom,” and if not safeguarded properly, it will compromise your entire security infrastructure. Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts. 

Active Directory, Azure AD (now called Entra ID), and Okta vulnerabilities can give attackers virtually unrestricted access to your organization’s network and resources. Semperis built Purple Knight—a free AD, Azure AD, and Okta security assessment tool—to help you discover indicators of exposure (IoEs) and indicators of compromise (IoCs) in your hybrid AD environment. Let us help you run Purple Knight and dramatically reduce your AD attack surface today. Questions?

Purple Knight provides valuable insight into your AD security posture. It runs as a standalone utility that queries your AD environment and performs a set of tests against many aspects of AD’s security posture, including AD Delegation, Account security, AD Infrastructure security, Group Policy security, and Kerberos security. See full list here. Purple Knight is intended to augment your security team with know-how from a community of security researchers to minimize your attack surface and stay ahead of the ever-changing threat landscape.

Do you have 15 min to check for vulnerabilities? Please enter info and we'll be in touch ASAP.

Company Name

Common vulnerabilities uncovered in report:
• Non-default principals with DC Sync rights on the domain
• Privileged users with weak passwords
• Anonymous access to Active Directory enabled
• Unprotected accounts with admin rights
• User & admin accounts with old passwords
• Azure AD privileged users that are also privileged in AD

Click here to see the report.

“We were able to harden our Active Directory like never before – making sure it’s absolutely secure.” – VP of IT at AMOCO

During internal risk assessments, AMOCO realized they some work to do to secure Active Directory. Möbius Partners helped deploy the Semperis Purple Knight tool to identify vulnerabilities on AD in less than 15 minutes. They worked with AMOCO to remediate the vulnerabilities and introduced Directory Services Protector (DSP) to further protect their AD giving AMOCO peace of mind that everything is secure. Purple Knight is a security vulnerability scanning engine to quickly find all “Indicators of Exposure” & “Indicators of Compromise” within AD.

What’s in the report?

This example report summarizes the Active Directory security assessment results performed by the Semperis Purple Knight tool. The assessment performed includes querying your AD environment and running a series of security indicator scripts against domains in the selected forest. This assessment represents opportunities for enhancing this AD environment from a security perspective in accordance with industry best practices. Click here for a sample Purple Knight report.

Use Cases:

  • Active Directory Audit – Organization is preparing or recently paid for an IT audit and need a second tool
  • Recent acquisition – visibility of their Active Directory before trusting or migrating a forest into your own
  • Need more data for compliance reporting
  • Another method to expand risk prevention

Tool Auditing Overview

  • Active Directory Security Report Card
  • Pre and Post Attack Security
  • Community Driven Threat Models
  • Prioritized, Actionable Guidance
  • MITRE ATT&CK Correlation

Tool Highlights

  • Simple download and execute; Domain Admin NOT required
  • Scans Active Directory within connected enterprise domain
  • Creates snapshot report of a “point in time” status & vulnerabilities
  • Currently includes 70+ IOCs (compromise) and IOEs (exposure) based on MITRE ATT&CK framework
  • Report output maps known vulnerabilities to a Risk Score (High, Med, Low) with description of vulnerabilities
  • Suggests prescribed remediation activity for each IOC/IOE identified.
  • Typically it takes less than 15 minutes

To get started, chat in the lower right or email We have an entire podcast episode dedicated to this topic: To see an overview of our Security expertise, please visit here.

Speak with an
IT Professional Today!

Please fill out this form and we'll get right back to you.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.