我有一组10个广告组。我想是通过编程找出哪些是用户在AD域不是那些10组的成员。只有一个域。我知道这是可能在一个VBScript ADO执行SQL查询，但我想知道（希望，祈祷），如果有人有一个固定的脚本？

I have a set of 10 AD groups. What I'd like is to programmatically find out which users in the AD domain are NOT members of those 10 groups. There is only one domain. I know it's possible to perform ADO SQL queries in a vbscript but I was wondering (hoping, praying) if someone had a canned script?

我想哈克的方式可能是：

I suppose a hacky way might be:

任何想法？

推荐答案

对于任何有兴趣，这个工作：

For anyone interested, this worked:

(&(objectCategory=Person)
    (&
        (!memberOf=CN=group1,dc=company,dc=local)
        (!memberOf=CN=group2,dc=company,dc=local)
        (!memberOf=CN=group3,dc=company,dc=local)
    )
)