
Identify Domain Controllers

Open JeffOdegard opened this issue 6 years ago • 0 comments

We need to identify when a Windows Server 2003, 2008 or 2012 is a Domain Controller from scan data.

  1. When we detect one of the Server OS's, it should be assigned the MS checklist unless one of the following conditions is met:
     a. On Nessus scan import, if any of the following ports are open, assign the DC STIG:
        • 389 TCP/UDP (LDAP), 636 TCP (LDAPS), 88 TCP/UDP (Kerberos), 3268 TCP (LDAP GC), 3269 TCP (LDAP GC SSL)
     b. On SCC or .CKL export, if the Scan Data is for the DC STIG.

On those systems determined to be a DC, apply the DC version of the STIG and the AD Forest and Domain STIGs.

If this isn't that hard, I'd love to see it in 1.3.4...

JeffOdegard, Jan 17 '19 17:01