All users, computers, groups and contacts (and possibly other objects)
in Active Directory have a property called memberOf. This
property contains the distinguished names of all groups
from the whole forest that this entity is a member of, as the attribute's
Given this information, you can now construct an LDAP search query to
find all entities that are not members of at least one of those groups:
Other conditions may be included as necessary.
If you need to obtain the distinguished names of those groups first, you
can either hard-code them in your filter or do a normal PowerShell search
for the groups and then read their distinguished names.
You can use the LDAP query via the command's -LDAPFilter parameter.
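
One way to build and run such a filter, as an added example that is not part of the original text: it reads the group distinguished names with Get-ADGroup, escapes them for use inside a filter, and covers both readings of "not members" (member of none of the groups, or missing from at least one). Assumptions: the ActiveDirectory module's Get-ADUser is used as the command, the group names GroupA and GroupB are constructed placeholders, and the two helper functions are hypothetical names introduced here.

```powershell
# Added example; group names are constructed placeholders.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape the characters that are special inside an LDAP filter value
    # (RFC 4515). The backslash is replaced first so later escapes survive.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
}

function New-NotMemberOfFilter {
    param(
        [Parameter(Mandatory)][string[]]$GroupDN,
        [ValidateSet('None', 'NotAll')][string]$Mode = 'None',
        # "Other conditions": restrict the search to user accounts (assumption).
        [string]$ExtraCondition = '(objectCategory=person)(objectClass=user)'
    )
    $clauses = ($GroupDN | ForEach-Object {
        '(memberOf={0})' -f (ConvertTo-LdapFilterValue $_)
    }) -join ''
    # None   : member of none of the groups      -> (!(|(a)(b)))
    # NotAll : missing from at least one of them -> (!(&(a)(b)))
    $op = if ($Mode -eq 'None') { '|' } else { '&' }
    '(&{0}(!({1}{2})))' -f $ExtraCondition, $op, $clauses
}

# Read the distinguished names with a normal group lookup.
$groupDNs = 'GroupA', 'GroupB' | ForEach-Object {
    (Get-ADGroup -Identity $_).DistinguishedName
}

$filter = New-NotMemberOfFilter -GroupDN $groupDNs -Mode None

# memberOf holds direct memberships only and omits the primary group
# (usually Domain Users), so neither is seen by this filter.
Get-ADUser -LDAPFilter $filter -Properties memberOf |
    Select-Object SamAccountName, DistinguishedName
```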