Tenable Research Release Highlights

Forum Discussion

Anonymous
5 years ago


Active Directory Starter Scan 

Background

As part of our endeavor to help reduce our customers’ cyber exposure, we are releasing a Starter Scan template along with plugins that will peel the onion around Active Directory Security. We hope customers will leverage these plugins as a starting point and consider an Active Directory Vulnerability Management solution for more holistic determination, given Active Directory breaches are ever-increasing and extremely devastating.

Change

Ten plugins checking for common Active Directory misconfigurations / vulnerabilities are being released. Active Directory controller credentials will be required for these plugins to run. Active Directory specific scan templates are also being released for Nessus Professional, Tenable.sc and Tenable.io. Dashboards for Tenable.sc and Tenable.io will also be available.

Impact

Customers will be able to run scans highlighting Active Directory issues. Note that these are starter Active Directory checks. For more complete coverage, we strongly recommend considering an Active Directory VM solution. 

Note that these plugins are not available on Nessus Agents.

Plugins

150480 AD Starter Scan - Kerberoasting

150481 AD Starter Scan - Weak Kerberos encryption

150482 AD Starter Scan - Kerberos Pre-authentication Validation

150483 AD Starter Scan - Non-Expiring Account Password

150484 AD Starter Scan - Kerberos Krbtgt

150485 AD Starter Scan - Unconstrained delegation

150486 AD Starter Scan - Dangerous Trust Relationship

150487 AD Starter Scan - Primary Group ID integrity

150488 AD Starter Scan - Null sessions

150489 AD Starter Scan - Blank passwords

Release Date

Thursday 29 of July 2021
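To make several of the plugin titles above concrete, here is an added example (not part of the original post, and not Tenable's plugin logic) that checks constructed account records for the directory attributes those misconfigurations are commonly associated with. The record layout, finding names, and the choice to skip disabled accounts are assumptions; the `userAccountControl` bit values and default primary group RIDs are the documented Active Directory ones.

```python
# Added illustration: audits constructed account records offline.
# userAccountControl bits (documented Active Directory values)
UAC_DISABLED       = 0x000002  # ACCOUNTDISABLE
UAC_PASSWD_NOTREQD = 0x000020  # an empty password is permitted
UAC_SERVER_TRUST   = 0x002000  # SERVER_TRUST_ACCOUNT (domain controller)
UAC_NO_EXPIRE      = 0x010000  # DONT_EXPIRE_PASSWORD
UAC_UNCONSTRAINED  = 0x080000  # TRUSTED_FOR_DELEGATION
UAC_DES_ONLY       = 0x200000  # USE_DES_KEY_ONLY
UAC_NO_PREAUTH     = 0x400000  # DONT_REQ_PREAUTH
DES_ETYPES         = 0x3       # DES bits in msDS-SupportedEncryptionTypes

def audit_account(rec):
    """Return finding names (hypothetical labels) for one account record."""
    uac = rec["userAccountControl"]
    if uac & UAC_DISABLED:  # assumption: disabled accounts are out of scope
        return []
    machine = rec["sAMAccountName"].endswith("$")  # simplification
    found = []
    if not machine and rec.get("servicePrincipalName"):
        found.append("kerberoastable-spn")  # user account carrying an SPN
    if (uac & UAC_DES_ONLY) or (rec.get("msDS-SupportedEncryptionTypes", 0) & DES_ETYPES):
        found.append("weak-kerberos-encryption")
    if uac & UAC_NO_PREAUTH:
        found.append("no-kerberos-preauth")
    if not machine and (uac & UAC_NO_EXPIRE):
        found.append("non-expiring-password")
    # Domain controllers carry TRUSTED_FOR_DELEGATION by default; skip them.
    if (uac & UAC_UNCONSTRAINED) and not (uac & UAC_SERVER_TRUST):
        found.append("unconstrained-delegation")
    # Default RIDs: 513 Domain Users, 514 Guests, 515 Computers, 516 DCs, 521 RODCs
    expected = {515, 516, 521} if machine else {513, 514}
    if rec["primaryGroupID"] not in expected:
        found.append("unusual-primary-group")
    if uac & UAC_PASSWD_NOTREQD:
        found.append("password-not-required")
    return found

def audit_all(records):
    """Map account name -> findings, omitting accounts with none."""
    results = {r["sAMAccountName"]: audit_account(r) for r in records}
    return {name: f for name, f in results.items() if f}

SAMPLE = [  # constructed records, not real directory data
    {"sAMAccountName": "svc-sql", "userAccountControl": 0x10200, "primaryGroupID": 513,
     "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"]},
    {"sAMAccountName": "DC01$", "userAccountControl": 0x82000, "primaryGroupID": 516},
    {"sAMAccountName": "WEB01$", "userAccountControl": 0x81000, "primaryGroupID": 515},
    {"sAMAccountName": "jdoe", "userAccountControl": 0x400200, "primaryGroupID": 512},
    {"sAMAccountName": "krbtgt", "userAccountControl": 0x202, "primaryGroupID": 513,
     "servicePrincipalName": ["kadmin/changepw"]},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings)
```
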

12 Replies

  • It's frustrating that you have to search the community discussions forum to find out how to use new features like these :-(

    Here's how I got it working in Tenable.sc:

    1. Create a new policy using the Active Directory Starter Scan template (e.g. called ADSCAN).
    2. Accept all the defaults for Port scanning, Assessment and Results tabs.
    3. On the Authentication tab, click Add Authentication Settings and choose type=Miscellaneous then ADSI, then click Select.
    4. For Domain Controller, I entered the FQDN of a DC near one of my managed Nessus scanners.
    5. For Domain, I entered the NETBIOS domain name.
    6. For Domain Admin, I entered the samaccountname of a domain administrator account, and then obviously the password in the Domain Password field.
    7. Click Submit to save the policy.
    8. Then create a new Active Scan.
    9. Give it a name and for the Policy, select the policy created above (i.e. ADSCAN).
    10. On Settings tab, I just import into my normal repository for vulnerabilities.
    11. On Targets tab, I specified the same FQDN of the DC used in step 4 above.
    12. On Credentials tab, I chose the credential that I know has Domain Admin rights (same one I used in step 6 above).
    13. Click Submit to save the scan.
    14. Run the scan and then view the results.

    It seems to only fire one of the new plugins when something bad is found, so for me, I didn't get results for all 10 new AD plugins - only a few.

    Hope this helps someone else.

  • maon_catzel
    Connect Contributor

    Is just one AD server required in the Targets section? Does this need Domain Admin creds in the Credentials section? (When I try to add an existing Managed Credential they are all greyed out, and it only allows me to add a Miscellaneous/ADSI cred.) Thx

  • Are there any instructions on how to set up the scan? I have the same issue as well.

  • Anonymous

    One or more AD servers can be provided in the targets section. Managed credentials are not supported for AD controllers; credentials should be provided via Miscellaneous/ADSI.

  • What kind of credentials are required, or to put it differently, why are credentials required at all? We have Nessus agents installed on our DCs to avoid sensitive credentials floating around somewhere.

  • jones_bryan
    Connect Contributor

    @Jesus Galan

    So I am guessing if we wanted to scan multiple AD/DCs, when we set up the credentials in the policy under Authentication>Misc>ADSI we would need to have an entry for each server we set up in the active scan under targets?

    Also, if we are using port 636 rather than 389, is the policy/scan smart enough to figure that out? All the Tenable.sc documentation I can find only references port 389 when using the ADSI creds. I can't find anything about being able to specify port 636.

    Lastly, are there any efforts being worked by Tenable to allow the use of "managed" credentials? If we use an integration with an IAM tool to manage credentials, is Tenable working on a solution to allow the use of the managed creds in the policy or via the active scan like all other creds? Do we need to open a feature request for something like this?

  • nedreck
    Connect Contributor

    For Nessus Professional AD Starter Scan I have the following error:

    adsi_enum.nbin: ADSI error

    ADSI server (example.com) could not connect to server.

    For a credentialed vulnerability scan, credentials work OK.

    For AD Starter Scan no.

    What to put on ADSI Domain Controller / Domain credentials?

    • I cannot get the credentials to work in Nessus Pro - getting the same adsi_enum error.

      • robertgo
        Connect Rookie

        The steps used by @Scott Hislop above worked for me. (Expand his post.) I didn't use the NetBIOS domain, and for the account I needed to use my account name only (no @FQDN). Those seemed to be the two changes I needed to get this going without the ADSI error.

  • nedreck
    Connect Contributor

    Greetings? Did you have any support on this?
