This active directory audit work program focuses on the access request procedures within user management/administration. It includes questions on key controls, the goal state for production and the status of designed controls.
Sample control questions include: Are documented procedures implemented that define how user access is granted? Has a documented approval tree been defined to approve and take responsibility for all access? Are documented user templates used for all levels of access in each forest and domain? What additional controls have been implemented around contractor or temporary user access?