Looking for an efficient way to get users who aren't members of N specific groups

Question


I'm using Graph SDK (via the NuGet package, NOT the REST API directly) with my Azure ASP.NET Core web app. I need to get all AD users that are not members of any of 20 specific groups. There are tens of thousands of groups and so it's not practical to get every group and check the members.

I've done some investigation and expanding memberOf and filtering on it (so that I can filter using NOT IN) is not supported, except in the beta version which I'd like to avoid using unless I have to.

Is there an efficient way to get a list of users who are not members of the 20 groups? I start off knowing the list of 20 group IDs.

Answer 1

Score: 0


There is no direct way to achieve this through the SDK, but there are multiple ways you can accomplish this through PowerShell:

  1. Get all Azure AD users (Get-AzureADUser -all $true)

  2. Create a hashtable to contain the users.

  3. Add all users to a hashtable.

  4. If a user is a member of a group, remove them from the hashtable.

    $groupids = @("f8dee32c-1924-4e84-93f3-487d7c79c381", "dbd30120-0021-4a92-850f-d5648961003c") # list of groups by ObjectID that you want to check if users are NOT a member of

    $userht = @{} # create hashtable that will contain users

    Get-AzureADUser -All $true | ForEach-Object { $userht.Add($_.ObjectId, $_) } # add all AzureAD users to hashtable with ObjectID as unique key

    ForEach ($id in $groupids) {
        Get-AzureADGroupMember -All $true -ObjectId $id | ForEach-Object { $userht.Remove($_.ObjectId) } # if user is member of group, remove them from hashtable
    }

Hope this helps.
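An added example, not part of the original answer: the same hashtable-removal approach wrapped in a function, with the membership lookup passed in as a scriptblock so that nested-group (transitive) membership can be counted as well. `Get-UsersOutsideGroups`, its `-GetMembers` parameter and the sample directory are constructed for illustration; against a real tenant, the Microsoft Graph PowerShell cmdlets named in the comments are assumed to supply the data.

```powershell
function Get-UsersOutsideGroups {
    param(
        [Parameter(Mandatory)] [object[]]    $Users,      # objects with an Id property
        [Parameter(Mandatory)] [string[]]    $GroupIds,
        [Parameter(Mandatory)] [scriptblock] $GetMembers  # hypothetical hook: group id -> member objects
    )
    $remaining = @{}
    foreach ($u in $Users) { $remaining[$u.Id] = $u }     # indexer: a duplicate id does not throw
    foreach ($gid in $GroupIds) {
        foreach ($m in (& $GetMembers $gid)) {
            # Members can be devices, service principals or groups; removing an
            # id that is not a key is a no-op, so no type filter is needed.
            $remaining.Remove($m.Id)
        }
    }
    $remaining.Values | Sort-Object UserPrincipalName
}

# Constructed sample directory (ids and names are made up).
$sampleUsers = @(
    [pscustomobject]@{ Id = 'u1'; UserPrincipalName = 'alice@example.test' }
    [pscustomobject]@{ Id = 'u2'; UserPrincipalName = 'bob@example.test' }
    [pscustomobject]@{ Id = 'u3'; UserPrincipalName = 'carol@example.test' }
)
# Direct membership only: g1 holds a user, the nested group g2 and a device.
$direct = @{
    g1 = @('u1', 'g2', 'd1')
    g2 = @('u2')
}
# Offline stand-in for a transitive-members lookup: expands nested groups once each.
$expand = {
    param($groupId)
    $seen = @{}
    $queue = [System.Collections.Queue]::new()
    $queue.Enqueue($groupId)
    while ($queue.Count) {
        foreach ($id in $direct[$queue.Dequeue()]) {
            if ($seen.ContainsKey($id)) { continue }
            $seen[$id] = $true
            if ($direct.ContainsKey($id)) { $queue.Enqueue($id) }
            [pscustomobject]@{ Id = $id }
        }
    }
}

# Real tenant (assumes a connected Microsoft Graph PowerShell session):
#   -Users (Get-MgUser -All -Property Id,UserPrincipalName)
#   -GetMembers { param($g) Get-MgGroupTransitiveMember -GroupId $g -All }
Get-UsersOutsideGroups -Users $sampleUsers -GroupIds @('g1') -GetMembers $expand
```

With the sample data, only carol is left; a lookup that returned direct members only would also leave bob, who belongs to g1 solely through the nested group g2.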

huangapple
  • Posted on July 7, 2023, 01:11:16
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76631132.html