STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Active Directory Domain Security Technical Implementation Guide

V-243500

CAT II (Medium)

Active Directory must be supported by multiple domain controllers where the Risk Management Framework categorization for Availability is moderate or high.

Rule ID

SV-243500r959010_rule

STIG

Active Directory Domain Security Technical Implementation Guide

Version

V3R7

CCIs

CCI-000366

Discussion

In Active Directory (AD) architecture, multiple domain controllers provide availability through redundancy. If an AD domain or servers within it have an Availability categorization of medium or high and the domain is supported by only a single domain controller, an outage of that machine can prevent users from accessing resources on servers in that domain and in other AD domains.

Check Content

Determine the Availability categorization information for the domain.
If the Availability categorization of the domain is low, this is NA.
If the Availability categorization of the domain is moderate or high, verify the domain is supported by more than one domain controller.
Start "Active Directory Users and Computers" (Available from various menus or run "dsa.msc").
Expand the left pane item that matches the domain being reviewed.
Select the Domain Controllers Organizational Unit (OU) in the left pane.

If there is only one domain controller in the OU, this is a finding.

Fix Text

Implement multiple domain controllers in domains with an Availability categorization of moderate or high.