Try this:
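# Audit: list enabled, unexpired users under the given OUs that are members of
# the $nonvpn group but not of the $vpn group.
$vpn = "VPN"
$nonvpn = "NONVPN"
$OUs = "OU=USA,DC=company,DC=com", "OU=Europe,DC=company,DC=com"
$now = (Get-Date).Date # midnight today: accounts expiring today are NOT YET expired!

# -Recursive also returns members of nested groups, so indirect membership
# counts. Only the distinguished names are kept, for the comparisons below.
$VPNmembers = Get-ADGroupMember -Identity $vpn -Recursive |
    Select-Object -ExpandProperty distinguishedName
$NONVPNmembers = Get-ADGroupMember -Identity $nonvpn -Recursive |
    Select-Object -ExpandProperty distinguishedName

$OUs |
    ForEach-Object {
        # $_ is only bound inside a script block, so the per-OU search has to
        # run here; as a bare pipeline stage -SearchBase would receive $null.
        # AccountExpirationDate is not part of Get-ADUser's default property
        # set: without -Properties the expiry test below sees $null for every
        # user and reports expired accounts as if they were still valid.
        Get-ADUser -Filter "enabled -eq 'true'" -SearchBase $_ -Properties AccountExpirationDate
    } |
    # Keep accounts with no expiry date or with one that is still in the future.
    Where-Object { (-not $_.AccountExpirationDate) -or ($_.AccountExpirationDate -gt $now) } |
    ForEach-Object {
        # The original compared against $nonvpmmembers, an undefined (null)
        # variable, so this condition was never true and nothing was reported.
        if ($VPNmembers -notcontains $_.DistinguishedName -and $NONVPNmembers -contains $_.DistinguishedName) {
            Write-Host "Accounting OU: $($_.name) is ENABLED, NOT expired, DOES NOT exist in the $vpn group, but DOES exits in $nonvpn group"
        }
    }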