- Install AD Reports
- Uninstall AD Reports
- Register AD Reports
- Run a report
- Create Custom Reports
- Use Report Wizard
- Apply LDAP Filter to other Reports
- Save Reports for All Domains
- Load User Membership
- Load Group Members
- Generate a report: Users in Group
- Generate a report: Users Not in Group
- Run a report with not-replicated attributes
- Export a report
- Preview, Print, Email
- Add, Edit Domain
- Update Domain Credentials
- Schedule Reports
- Use Scheduler Service
- Test Scheduler Service
- Exclude Domain Controllers
- Add Company Logo
- Set Email Settings
- Save and Load Report Settings
- Enable High DPI Support
How to Generate a Report of Users Not in Specific Active Directory Groups
To generate a report of users not in specific groups, we can use the memberOf
attribute of user objects to filter users by specific groups. The memberOf
attribute is a computed back-link attribute (also known as a constructed attribute), maintained and calculated by Active Directory. This attribute dynamically lists all the groups a user is a member of. However, because it does not support partial searches, we must use the entire distinguished name (DN) of the group for filtering.
Here are the steps to generate a report of users in a specific group:
1. Obtain the Distinguished Names of the Groups you want to exclude.
Run the All Groups report and select the group you need to run a report against. Select the Distinguished Name of that group, copy it to the clipboard (Ctrl+C), and save it, for example, in Notepad. Repeat the same for all the groups you need to exclude.
2. Create New User Custom Report
Switch to the Users tab, right-click on the All Users report (or any other user report you wish to use), and select Save Report as new Custom. Alternatively, you can select this report from the report tree and click Save Report as new Custom from the toolbar. Type the new report title and click Save.
AD Reports will save the newly created report. Switch to the Custom tab and run the report by default.
3. Customize the Report
- Click on the Customize Report button from the toolbar.
- Select Search Root from the left menu and choose the search root if required; otherwise, the search will start at the domain level.
- Select LDAP Filter from the left menu.
-
In the LDAP Filter builder, next to the And clause, click the + sign and select Add Condition.
- Click on the Attribute and choose Member Of from the dropdown.
- Then, click on the condition right after the attribute and select the Does not equals sign.
- Click on the value field and paste the Distinguished Name of your group.
- Repeat for every group you want to exclude.
It should look like this:
Click Save & Close to save and run your report.
4. Verify the result.
Your results should look something like this:
Let's compare our results with the results from Active Directory Users and Computers custom search, using our generated LDAP filter from the previous step. Keep in mind that Active Directory Users and Computers might not support formatted LDAP filter strings. In that case, you can toggle the "Format" filter button to switch between formatted and unformatted filter strings.
If you have any inquiries or encounter any difficulties while running reports, please don't hesitate to reach out to us for assistance Contact us.