Relevance for a computer belonging to specific security groups in AD?

(imported topic written by flayofish91)

Is it possible to set a relevance exclusion on a machine name based on it’s membership to security groups in AD?

I’m looking to set a relevance exclusion based on the following:

machinename is not a member of security group A or security group B in Active Directory.

-thanks

(imported comment written by NoahSalzman)

Any of these posts help? In reference to some of the examples in those posts, you are probably looking for “not exists” rather than “exists”.

http://forum.bigfix.com/viewtopic.php?id=1905

http://forum.bigfix.com/viewtopic.php?id=3181

http://forum.bigfix.com/viewtopic.php?id=3747

Also, every time AD is mentioned we always give the warning: be careful asking 1000s of endpoints questions (via Relevance) about AD security permissions as you can easily DoS your AD server.

(imported comment written by flayofish91)

Thanks for the info, Noah.

Is there a way to query the local machine instead, like gpresult to get the info, or wmi against AD the best way to go?