# Search & Reports The `Search & Reports` page provides an `Advanced Search` interface to generate reports on Active Directory inventory with builtin and custom queries.

{% hint style="info" %} You can see object's attributes and descriptions with pages below. {% endhint %} {% content-ref url="/pages/fmlz5bskaWBCJQ7cRkDg" %} [Domain](/fsprotect/search-and-reports/domain.md) {% endcontent-ref %} {% content-ref url="/pages/J8esBrUDq0umUQFjBPQo" %} [Computer](/fsprotect/search-and-reports/computer.md) {% endcontent-ref %} {% content-ref url="/pages/jR6SFPZcnLUoNpZLEYNV" %} [User](/fsprotect/search-and-reports/user.md) {% endcontent-ref %} {% content-ref url="/pages/Vl6YAeoQDR10WYh3FaUz" %} [Group](/fsprotect/search-and-reports/group.md) {% endcontent-ref %} {% content-ref url="/pages/wIFRiHJtYRI71UKumZ3w" %} [GPO](/fsprotect/search-and-reports/grouppolicyobject.md) {% endcontent-ref %} {% content-ref url="/pages/g3yM2q98PrNmcnTfDF1X" %} [OU](/fsprotect/search-and-reports/organizationalunit.md) {% endcontent-ref %} {% content-ref url="/pages/5hi8BRXXIoJg1sTmVb8k" %} [ManagedServiceAccount](/fsprotect/search-and-reports/managedserviceaccount.md) {% endcontent-ref %} {% content-ref url="/pages/5liKmRfHBk9AsMzKpShT" %} [GroupManagedServiceAccount](/fsprotect/search-and-reports/groupmanagedserviceaccount.md) {% endcontent-ref %} {% content-ref url="/pages/8MSBsVptxu7vWl9ojM5P" %} [DelegatedManagedServiceAccount](/fsprotect/search-and-reports/delegatedmanagedserviceaccount.md) {% endcontent-ref %} {% content-ref url="/pages/guEufGrJzGwTkTWFA2LV" %} [LocalUser](/fsprotect/search-and-reports/localuser.md) {% endcontent-ref %} {% content-ref url="/pages/JBfIXL7LDbW35SBWTt4s" %} [LocalGroup](/fsprotect/search-and-reports/localgroup.md) {% endcontent-ref %} {% content-ref url="/pages/8cAIDgSOU1B36Orbuv4I" %} [CertificateAuthority](/fsprotect/search-and-reports/certificateauthority.md) {% endcontent-ref %} {% content-ref url="/pages/1qeU6ZpXGCngL3zHLkYy" %} [CertificateTemplate](/fsprotect/search-and-reports/certificatetemplate.md) {% endcontent-ref %} {% content-ref url="/pages/frfnGzt0xe6cM8Gvk3uF" %} [CACertificate](/fsprotect/search-and-reports/cacertificate.md) {% endcontent-ref %} {% content-ref url="/pages/GavxniOi2ayrXNPWpXrX" %} [SPN](/fsprotect/search-and-reports/spn.md) {% endcontent-ref %} {% content-ref url="/pages/aKcza4seOUR4UpAgVdHh" %} [FGPP](/fsprotect/search-and-reports/fgpp.md) {% endcontent-ref %} {% content-ref url="/pages/rDIwKCD3SZJIt3Ftp4Oe" %} [Container](/fsprotect/search-and-reports/container.md) {% endcontent-ref %} {% content-ref url="/pages/Jp5ESYskLsOoJg6AoA0F" %} [Vulnerability](/fsprotect/search-and-reports/vulnerability.md) {% endcontent-ref %} {% content-ref url="/pages/0LAEkWuHbIjeBkoz5i9u" %} [DNSZone](/fsprotect/search-and-reports/dnszone.md) {% endcontent-ref %} {% content-ref url="/pages/QDSJjGaO9P2gXeXiyk5x" %} [Forest](/fsprotect/search-and-reports/forest.md) {% endcontent-ref %} {% content-ref url="/pages/7iYKjVDumLtceCEjEL4k" %} [Script](/fsprotect/search-and-reports/script.md) {% endcontent-ref %} {% content-ref url="/pages/G2FnbKt4kY19pjKZLCty" %} [UnknownTrust](/fsprotect/search-and-reports/unknowntrust.md) {% endcontent-ref %} {% content-ref url="/pages/kTLdJkvsYZbAehnAxBA7" %} [DisplaySpecifier](/fsprotect/search-and-reports/displayspecifier.md) {% endcontent-ref %} {% content-ref url="/pages/h5voWq3PE9mlBmq8D69s" %} [Tier0](/fsprotect/search-and-reports/tier0.md) {% endcontent-ref %} {% content-ref url="/pages/sPhcNJaVK65E8YwOV02a" %} [Tier2](/fsprotect/search-and-reports/tier2.md) {% endcontent-ref %} ## Run On Graph On the **Search & Reports** page, users can use the **Run on Graph** feature for both saved queries and newly created queries. This allows them to directly visualize the results in the **Visualize** page, offering a clear graphical representation of the data.

## New Query The `New Query` interface provides a query builder to create complex queries. You can create custom queries by using `Object Type`, `Object Attributes`, `And/Or` logics,Relation Directionand `Groupings`. You can also save these queries for later use.

## Active Directory Querys ### Example 1 - Create Query - Risky Groups with No Member

### Example 2 - Create Query - Users with Group Delegated Admin Right on more than 1 Computer

### Example 3 - Saving Query - Local Admin Accounts created in the last 1 month

### Example 4 - Using Groups - Stealth Admins in forestall.labs or windomain.labs Domains

## Azure (Entra ID) Queries ### Example 1 - Create Query - Stealth Admin in Azure

### Example 2 - Saving Query - Azure User With Tier 0 Accounts created in the last 4 Month

## Saved Queries `Saved Queries` contains a list of various built-in queries and custom queries created by the user.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.forestall.io/fsprotect/search-and-reports.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.