Active Directory

Active Directory

Available

On-Prem / Identity

Active Directory is the authoritative identity source for most enterprise environments, and the organizational context it provides directly feeds Koopic's risk model. OU structure maps to business criticality tiers; stale last-logon timestamps flag potentially unmanaged assets; domain membership establishes the baseline scope of management policy. Koopic reads computer objects, domain hierarchy, OU assignments, and machine metadata via the on-prem agent, then uses that context when scoring vulnerabilities on those assets.

Signal in your risk score

Data from Active Directory flows into Koopic's unified asset inventory and shapes how vulnerabilities are scored. Koopic combines asset context - exposure, control presence, criticality - with CVSS severity, EPSS exploit probability, and CISA KEV membership to produce a single, explainable risk score per vulnerability per asset. A CVSS 9.8 on a segmented host with a compensating control scores lower than a CVSS 7.4 on an internet-exposed, unmanaged endpoint with no control in place.

What Active Directory contributes to risk scoring

Computer object discovery from AD/LDAP
OU structure and domain hierarchy
Last logon timestamp and account status
OS version and service pack from AD attributes
Supports LDAP and LDAPS (TLS) connections
Configurable search base and LDAP filters

How to connect

1

Deploy the Koopic Agent

Run the Koopic Agent Docker container on a machine with network access to your domain controller.

2

Configure LDAP credentials

In the Agent WebUI, add your LDAP server URL, bind DN, and password. Credentials are stored in an encrypted local vault.

3

Set the search base

Specify the LDAP search base (e.g., DC=corp,DC=example,DC=com) and optional filter criteria.

4

Register with Koopic Cloud

Complete the agent-to-cloud registration with secure key exchange. Data is encrypted end-to-end.

How teams use this data

Baseline Inventory

Use AD as the authoritative source for computer identity, then enrich with data from security tools.

Stale Account Detection

Identify computer objects with old lastLogon timestamps that may represent decommissioned or inactive machines.

OU-Based Grouping

Map AD organizational units to Koopic asset groups for team-based access control.

Related integrations

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

EDR sensor health and endpoint control presence - a key compensating-control signal for risk scoring.
Microsoft Intune

Microsoft Intune

MDM enrollment and compliance status - distinguishes managed endpoints from unmanaged exposure.
Azure Virtual Machines

Azure Virtual Machines

Cloud VM exposure context - internet-facing cloud assets carry higher inherent risk weight.

See it on your data

Work with us directly to run Koopic's prioritization engine on your actual vulnerability and asset data.

Become a design partner How the scoring works