How to Generate a Report of Users Not in Specific Active Directory Groups

Obtain the Distinguished Names of the Groups to Exclude

Run the All Groups report and select the group you need to run a report against. Select the Distinguished Name of that group, copy it to the clipboard (Ctrl+C), and save it, for example, in Notepad. Repeat the same for all the groups you need to exclude.

Create New User Custom Report

Switch to the Users tab, right-click on the All Users report (or any other user report you wish to use), and select Save Report as new Custom. Alternatively, you can select this report from the report tree and click Save Report as new Custom from the toolbar. Type the new report title and click Save.

AD Reports will save the newly created report. Switch to the Custom tab and run the report by default.

Customize the Report

• Click on the Customize Report button from the toolbar.
• Select Search Root from the left menu and choose the search root if required; otherwise, the search will start at the domain level.

  

• Select LDAP Filter from the left menu.
• In the LDAP Filter builder, next to the And clause, click the + sign and select Add Condition.
  • Click on the Attribute and choose Member Of from the dropdown.
  • Then, click on the condition right after the attribute and select the Does not equals sign.
  • Click on the value field and paste the Distinguished Name of your group.
  • Repeat for every group you want to exclude.

It should look like this:

Click Save & Close to save and run your report.

Verify the Result

Your results should look something like this:

Let's compare our results with the results from Active Directory Users and Computers custom search, using our generated LDAP filter from the previous step.

Keep in mind that Active Directory Users and Computers might not support formatted LDAP filter strings. In that case, you can toggle the "Format" filter button to switch between formatted and unformatted filter strings.