PingCastle provides a fast and efficient Active Directory security risk assessment, identifying 80% of critical issues in 20% of the time.
PingCastle - Get Active Directory Security at 80% in 20% of the time
PingCastle is used by IT administrators and security professionals to quickly evaluate the security posture of Active Directory environments. It helps identify vulnerabilities, assess risks, and generate comprehensive reports to guide remediation efforts and compliance auditing.
PingCastle requires appropriate permissions to query Active Directory and should be run in environments where such access is granted. The tool balances thoroughness and efficiency, making it suitable for regular security assessments without extensive overhead. Support for the open source edition will continue under Netwrix stewardship, with end of support for current version scheduled for 1/31/2026.
Download the PingCastle executable or source code from the GitHub repository or official website
Build the project using Visual Studio 2012 through Visual Studio 2022 if compiling from source
Run the executable directly on a Windows machine with access to the Active Directory environment1-healthcheck
Scores the risk of an Active Directory domain by performing a comprehensive health check.
2-azuread
Scores the risk of an Azure Active Directory environment.
3-conso
Aggregates multiple PingCastle reports into a single consolidated report.
4-carto
Builds a map of all interconnected Active Directory domains based on trust relationships.
5-scanner
Performs specific security checks on workstations within the domain.
6-export
Exports user or computer information from the Active Directory.
7-advanced
Opens the advanced menu for additional options and configurations.
--help
Displays help information and available command line switches.