Using ldapsearch to list all Global User without a provisioning role