GetAduser need Manager name and email in results

PowerShell Help
1

Hi
I am trying to get Manager display name, Manager SamAccountName and Manager employeeid
At best all I can get is something like this “CN=ahaber,OU=Users,OU=OT-Accounts,DC=opentext,DC=net” using the Manager property of the GetAduser cmd.

Any help would be appreciated,
THanks,
Derek

$adGroupList = 'BI_FINANCE_FULL','BI_FIN_EXP_FACILITIES_FULL_R1'
$results = foreach ($group in $adGroupList) {
    Get-ADGroupMember -identity $group -Recursive | 
        Get-ADUser -Properties * | 
            Select-Object @{Name='Group';Expression={$group}},
                   displayname,
                   name,
                   employeeID,
                   Department,
                   title,
                   physicalDeliveryOfficeName,
                   Manager,
                   sAMAccountName,
                   givenName,
                   surname,
                   UserPrincipalName
}

$results | Export-Csv -Append “C:\temp\GetADGroupMember4.csv” -NoTypeInformation -Encoding UTF8
2

All AD saves from the manager of a user in the user object is the distinguished name. If you want to have something else you will have to query the AD for it explicitly. So you either query the manager inside your calculated property or you prepare a hash table with all possible managers before and use this to query it inside the calculated property.

3

Hi Olaf,
I think the Hash table method might be tricky as we have thousands of managers.
Is it difficult to Query the AD for it explicitly and if so do you have any pointers?
Should I look at another non PowerShell solution?

Thanks very much for your help,
Derek

4

This can be accomplished again with a calculated expression doing a sub-query on Active Directory. Depending on how many records you are pulling, try not to do too many as it can impact performance since you are doing individual queries for a single property:

$adGroupList = 'BI_FINANCE_FULL','BI_FIN_EXP_FACILITIES_FULL_R1'
$results = foreach ($group in $adGroupList) {
    Get-ADGroupMember -identity $group -Recursive | 
        Get-ADUser -Properties * | 
            Select-Object @{Name='Group';Expression={$group}},
                   displayname,
                   name,
                   employeeID,
                   Department,
                   title,
                   physicalDeliveryOfficeName,
                   Manager,
                   @{Name='ManagerName';Expression={Get-ADUser -Identity $_.Manager | Select-Object -ExpandProperty DisplayName}},
                   sAMAccountName,
                   givenName,
                   surname,
                   UserPrincipalName
}

$results | Export-Csv -Append “C:\temp\GetADGroupMember4.csv” -NoTypeInformation -Encoding UTF8
1 Like
5

Wow … thousands … really? So my recommendation would be to fire most of them. You actually need more people doing something … not just managers. :wink: :rofl: :rofl: :rofl: :crazy_face: :crazy_face: :crazy_face:

But the fact that you have a big amount of uniform objects to process shouldn’t scare you. You have a computer to do the boring and repetitive work for you. :wink:

I’ll leave it to you how to query your AD for those thousands of managers. Here’s an example of how to query an OU for user accounts and turn the output into a hashtable you can use later on.

$SearchBase = 'OU=manager,OU=people,DC=contoso,DC=com'
$ManagerHashtable = 
Get-ADUser -SearchBase $SearchBase -Filter * -Properties DisplayName, EmployeeID |
ForEach-Object {
    @{
        $_.DistinguishedName = @{
            DisplayName    = $_.DisplayName
            sAMAccountName = $_.sAMAccountName
            EmployeeID     = $_.EmployeeID
        }
    }
}

Now the rest is actually a piece of cake … I borrowed Robs code (sorry Rob :wink: :flushed: :kissing_heart: ) and tweaked it to include the output of the managers EmployeeID, DisplayName and sAMAccountName.

$adGroupList = 'BI_FINANCE_FULL', 'BI_FIN_EXP_FACILITIES_FULL_R1'
$results = 
foreach ($group in $adGroupList) {
    Get-ADGroupMember -identity $group -Recursive | 
    Get-ADUser -Properties DisplayName, EmployeeID, Departement, Title, physicalDeliveryOfficeName, Manager | 
    Select-Object @{Name = 'Group'; Expression = { $group } },
    displayname,
    name,
    sAMAccountName,
    givenName,
    surname,
    UserPrincipalName,
    employeeID,
    Department,
    title,
    physicalDeliveryOfficeName,
    @{Name = 'ManagerDisplayName'; Expression = { $ManagerHashtable.$($_.Manager).DisplayName } },
    @{Name = 'ManagerSamaccontName'; Expression = { $ManagerHashtable.$($_.Manager).sAMAccountName } },
    @{Name = 'ManagerEmployeeID'; Expression = { $ManagerHashtable.$($_.Manager).EmployeeID } }
}

$results | Export-Csv -Append 'C:\temp\GetADGroupMember4.csv' -NoTypeInformation -Encoding UTF8

… it’s untested … the environment I have available to test doesn’t even have managers set up in the user accounts … sorry.

If the aaproach with the hashtable does not work for you for any reason you could still use a simple list of objects queried from the AD and saved to a variable instead of querying the AD for each and every single member of one of your groups again and again and again. Even that should speed up your code remarkably.

1 Like