VB Script to show all Active Directory users that are not members of a particular group

Posted on 2009-04-28
Last Modified: 2012-05-06
I what to create a VB Script to querry AD for all users who are not currently members of a particular group.  Most scripts I find only show the current member of the group. Can this be done?
Question by:WH_Tech
    LVL 70

    Accepted Solution


    Yep, it can.

    You'd create an LDAP query like this:


    Where the ! symbol negates the term in the query, returning all users who do not belong to that group.

    Plugging that into a little VbScript we get this.

    strFilter = "(&(objectClass=user)(objectCategory=person)(!memberOf=CN=TheGroup,OU=Somewhere,DC=domain,DC=com))"
    strFields = "distinguishedName,name"
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objRootDSE = GetObject("LDAP://RootDSE")
    Set objRecordSet = objConnection.Execute( _
      "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _
      strFilter & ";" & strFields & ";subtree")
    Set objRootDSE = Nothing
    While Not objRecordSet.EOF
      WScript.Echo objRecordSet.Fields("distinguishedName").Value & vbCrLf & _

    Open in new window


    Author Closing Comment

    Excellent, Thx!

    Featured Post

    Too many email signature changes to deal with?

    Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

    Join & Write a Comment

    I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
    Synchronize a new Active Directory domain with an existing Office 365 tenant
    This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now