How to perform common Active Directory Management and Reporting Tasks Using PowerShell
Active Directory Security and Active Directory Delegation play a mission-critical role in global security and present an open challenge. A good Active Directory Audit Tool / Active Directory Reporting Tool / Active Directory Auditing Tool / Permissions Analyzer for Active Directory can help Audit Active Directory, generate Active Directory Reports and mitigate Active Directory Risks such as Active Directory Privilege Escalation, and find out who can reset your Windows password. Today, even the US Department of Homeland Security runs on Active Directory. Today, tools like the Active Directory Effective Permissions Tab and Active Directory Permissions Analyzer can be used to perform Active Directory Permissions Analysis, prevent Token Bloat, Dump Active Directory ACLs, perform an Active Directory Audit and an Active Directory Access Audit.
How to Specify the Base and the Scope of your Search when using Active Directory PowerShell
In the case of these Active Directory PowerShell cmdlets, this is no different. You need to specify the base and the scope of a cmdlet query as well.
The scope of your search can be set to Base, OneLevel, or SubTree. As alluded to above, Base searches the current path/object, OneLevel searches the specified object and its immediate children, and SubTree searches the current path/object and ALL its children (i.e. including all grandchildren, all the way down to each leaf object).
As for the Base itself, it refers to the specific Active Directory object at which to target the search.
So for example, the command Get-ADUser -LDAPFilter "(name=Scotty*)" -SearchBase "OU=Executives,OU=Accounts,DC=Contoso,DC=com" -SearchScope OneLevel would enumerate all user accounts directly in the Executives OU whose name begins with Scotty.
Note that in this example, if there were an OU within Executives called, say, Assistants, and it too contained a user whose name started with Scotty, that user account would not be returned as a part of the search.
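The nested-OU caveat matters for audits, because a OneLevel report silently omits accounts that live in child OUs. The following added example (not part of the original post) runs the article's query under both OneLevel and Subtree scope and lists the accounts OneLevel misses. It assumes the RSAT ActiveDirectory module and a reachable domain; the function name Compare-ADSearchScope is hypothetical.

```powershell
# Added example: assumes the ActiveDirectory (RSAT) module and read access to the domain.
# The default base DN and filter are the ones used in the article's example.
Import-Module ActiveDirectory

function Compare-ADSearchScope {
    param(
        [string]$SearchBase = 'OU=Executives,OU=Accounts,DC=Contoso,DC=com',
        [string]$LDAPFilter = '(name=Scotty*)'
    )

    # Run the identical query once per scope and collect the matching DNs.
    $byScope = @{}
    foreach ($scope in 'OneLevel', 'Subtree') {
        $byScope[$scope] = @(
            Get-ADUser -LDAPFilter $LDAPFilter -SearchBase $SearchBase -SearchScope $scope |
                Select-Object -ExpandProperty DistinguishedName
        )
    }

    # Emit every account Subtree found, flagged with whether OneLevel also returned it.
    $byScope['Subtree'] | Sort-Object | ForEach-Object {
        # Parent container = DN minus its first RDN (split on the first unescaped comma).
        $parent = ($_ -split '(?<!\\),', 2)[1]
        [pscustomobject]@{
            DistinguishedName  = $_
            ParentContainer    = $parent
            ReturnedByOneLevel = $byScope['OneLevel'] -contains $_
        }
    }
}

# Accounts a OneLevel report would have missed, e.g. users in a nested Assistants OU.
Compare-ADSearchScope |
    Where-Object { -not $_.ReturnedByOneLevel } |
    Format-Table ParentContainer, DistinguishedName -AutoSize
```

An empty table means every match sits directly under the search base, so OneLevel and Subtree agree for that filter.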