This active directory work program focuses on the general aspects of user management/administration. It includes the questions on key control, preferred controls/goal state for production, and intent/status of designed control for each question.
Sample control questions include: Are the policies complete and detailed in nature? How often are the policies reviewed for accuracy? Have the policies been accepted by the affected individuals and/or groups? Does a formal information security policy exist? Are user maintenance procedures defined to ensure that user accounts are provisioned and terminated in a timely manner and have access rights in accordance with business functions (need-to-know)?