Forum Discussion
Anonymous
5 years ago
Active Directory Starter Scan
Background
As part of our endeavor to help reduce our customers’ cyber exposure, we are releasing a Starter Scan template along with plugins that will peel the onion ...
scott_hislop
5 years ago
Connect Rookie
It's frustrating that you have to search the community discussions forum to find out how to use new features like these :-(
Here's how I got it working in Tenable.sc:
1. Create a new policy using the Active Directory Starter Scan template (e.g. called ADSCAN).
2. Accept all the defaults for the Port scanning, Assessment and Results tabs.
3. On the Authentication tab, click Add Authentication Settings and choose type=Miscellaneous then ADSI, then click Select.
4. For Domain Controller, I entered the FQDN of a DC near one of my managed Nessus scanners.
5. For Domain, I entered the NETBIOS domain name.
6. For Domain Admin, I entered the samaccountname of a domain administrator account, and then obviously the password in the Domain Password field.
7. Click Submit to save the policy.
8. Then create a new Active Scan.
9. Give it a name and for the Policy, select the policy created above (i.e. ADSCAN).
10. On the Settings tab, I just import into my normal repository for vulnerabilities.
11. On the Targets tab, I specified the same FQDN of the DC used in step 4 above.
12. On the Credentials tab, I chose the credential that I know has Domain Admin rights (same one I used in step 6 above).
13. Click Submit to save the scan.
14. Run the scan and then view the results.
It seems to only fire one of the new plugins when something bad is found, so for me, I didn't get results for all 10 new AD plugins - only a few.
Hope this helps someone else.