Your Active Directory data never leaves your network.
ADscan is built for regulated environments where data sovereignty is not negotiable. It runs entirely on-premise, with no agents, and the telemetry it sends is anonymous and fully sanitized. No engagement data ever crosses your perimeter.
Built for environments where trust is earned, not assumed.
Every architectural decision answers one question first: can this expose the customer's environment? The answer is designed to be no, by construction rather than by policy.
100% on-premises
ADscan runs entirely within your network perimeter. No data is sent to ADscan servers, cloud providers, or third parties. Ever.
Transparent telemetry
ADscan collects anonymous, sanitized usage analytics to improve the tool. Zero engagement data (no domains, IPs, credentials, or scan results) ever leaves your machine. Disable it with one command: telemetry off.
No agents required
ADscan operates from a single domain-joined Windows VM. Nothing is installed on endpoints, domain controllers, or servers.
Offline license support
Fully air-gapped deployments are supported. ADscan includes an optional on-prem license server for environments without internet access.
Operator confirmation
Every exploitation step requires explicit operator confirmation. ADscan never autonomously modifies AD objects, user accounts, or group policies.
Data sovereignty
All assessment data, findings, and reports are generated and stored locally. You control what is shared, and with whom.
What ADscan reads, and what it never transmits.
ADscan issues standard LDAP queries: the same data any authenticated domain user can already read. Nothing is modified, exported, or transmitted.
Reads, on-prem only
- User and computer accounts (LDAP attributes)
- Group memberships and nested groups
- Group Policy Objects (GPOs)
- ACLs and delegation permissions
- ADCS certificate templates
- Kerberos delegation settings
- Trust relationships between domains
Never does
- Never sends AD data, credentials, or scan results outside your network
- Never modifies AD objects without operator confirmation
- Never stores credentials in the cloud
- Never requires internet connectivity (optional for license validation only)
- Never installs agents on any endpoint
- Never changes group policies or permissions
Audit-ready evidence, mapped to the frameworks that bind you.
Each ADscan finding maps to the control it satisfies, so the report your supervisor sees is already in their language.
ENS Alto (CCN-CERT)
Report included
- op.acc.1 Identification and authentication
- op.acc.4 Access rights management process
- op.exp.2 Security configuration management
- mp.s.4 Protection of web services and applications
ADscan generates traceable evidence mapped to each ENS Alto measure, ready for CCN-CERT audits.
NIS2 (Directive EU 2022/2555)
Report included
- Art. 21(2)(a) Risk analysis and information system security
- Art. 21(2)(e) Network and information systems security
- Art. 21(2)(h) Cryptography and encryption
- Art. 21(2)(i) Human resources security and access control
Attack path reports directly support NIS2 Article 21 risk management obligations.
ISO 27001:2022
Report included
- A.5.17 Authentication information
- A.5.18 Access rights
- A.8.2 Privileged access rights
- A.8.5 Secure authentication
- A.8.8 Management of technical vulnerabilities
ADscan findings map to Annex A controls and generate audit evidence for ISO 27001 certification bodies.
DORA (EU 2022/2554)
Report included
- Art. 5 ICT risk management framework
- Art. 9(2) ICT security policies and access control
- Art. 9(4) Identity management and MFA
- Art. 10 Continuous detection of anomalies
DORA applies from January 2025. ADscan maps AD findings to DORA Chapter II requirements for banks, insurers, and investment firms.
GDPR / RGPD
By design
- Art. 32 Security of processing (technical measures)
- Recital 49 Network and information security
ADscan is GDPR-compliant by design: 100% on-prem, no personal data transmitted, full data sovereignty.
Found something in ADscan itself?
If you discover a security vulnerability in ADscan, report it responsibly. We take security reports seriously and respond within 48 hours.
Validate your AD security posture, on your own terms.
100% on-prem. No cloud. We run ADscan live in your environment and deliver the full compliance report in the same session.