Thycotic made a free tool available to check for bad password in Active Directory
UNCOVER YOUR MOST VULNERABLE SECURITY GAPS: FREE WEAK PASSWORD FINDER FOR ACTIVE DIRECTORY
https://thycotic.com/solutions/free-it-tools/
If we dig into the about file
The core functionality of this product has been inspired by Jakob Heidelberg https://www.linkedin.com/in/heidelberg and developed by Michael Grafnetter https://www.linkedin.com/in/grafnetter.
We can see where the inspiration and development came from , and thank you to Thycotic for making this tool available for free
This is just a quick drill through with the detection from Advanced Threat Analytics
Running on a member server pointing to DC and Domain
Using the overpowered administrator i have logged on with
and ready to scan
Looking through all AD objects
And reporting time
Something very pretty to present to security/management
with 26 items on the todo list to fix
and to the point of the post , Microsoft Advanced Threat Analytics catches the non standard replication
When time permits further digging in the tool , for production enviroment i would always run this in a restored domain controller without network access even though i trust the people involved in this