Compare manager against domain (PowerShell)

  • Question

  • Hi,

    Both of my two variables below contain a list of SamAccountNames. $Manager returns SamAccountNames of all employees recursively reporting to a manager all the way down. So not just what's in the VP's direct reports for example, it has the managers and ICs underneath them. $User returns all users' SamAccountNames in the entire AD domain. I want to compare both of them.

    If the $User SamAccountName matches the specified manager name in $Manager the output would be $user reports up to $Manager 

    If the $User SamAccountName doesn't match the specified manager name in $Manager then the output would be $User doesn't report up to $Manager. Any help would be extremely appreciated.

    Code:

    $Manager = Get-ADdirectReports "ManagerName" | Select SamAccountName
    $Users = Get-ADUser -Filter * -Properties * | Select SamAccountName

    Foreach ($User in $Users) {

    if ($User -contains $Manager)

    {Write-Host "$User reports up to $Manager"}

    Else

    {Write-Host "$User doesn't report up to $Manager"}

    }

    Thanks


    • Edited by RackHat Tuesday, March 20, 2018 3:33 PM
    Tuesday, March 20, 2018 3:28 PM

All replies

  • I assume Get-ADDirectReports is from the Script Gallery. If so, the purpose is to retrieve all direct reports. It retrieves the manager of each direct report, but will miss all managers that do not themselves have a manager. I would use the following to find all managers:

    $Managers = Get-ADUser -LDAPFilter "(directReports=*)" | Select sAMAccountName

    which is probably more efficient anyway.

    Edit: Then the -contains operator should be used in the form:

    <Reference-values> -contains <Test-value>

    so I suggest:

    If ($Managers -Contains $User)


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Tuesday, March 20, 2018 3:54 PM
  • foreach ($User in $Users) {
        if ($Manager -contains $User) {
            Write-Host "$User reports up to $Manager"
        }
        else {
            Write-Host "$User does not report up to $Manager"
        }
    }


    Tuesday, March 20, 2018 3:57 PM
  • Thank you, however with this method all I get for output 

          @{Name=UsersName} doesn't report up to 

    Even the users who eventually report up the ladder to that manager and populate under the $Manager variable show up as does not report up to.

    Tuesday, March 20, 2018 5:13 PM
  • Thank you for this. Yes, it is in the script gallery. It works great and gets a list of all users who report up to a manager. So if that manager is the VP of Engineering, it will grab the directors underneath, the managers underneath and then the individual contributors underneath them. If I just query for the direct reports of the VP of Engineering for example, I only get the directors. I am aware of the limitations but I just need to compare these two the way that they are. $Manager gets me the SamAccountNames of all the users that eventually report all the way to the specified manager in $Manager. $User gets me all the SamAccountNames accounts in the domain. The SamAccountNames that match in both variables should output that the user reports up to that specified manager.

    Thank you

     


    • Edited by RackHat Tuesday, March 20, 2018 5:23 PM
    Tuesday, March 20, 2018 5:21 PM
  • What is the purpose of this script? What is your endgame?

    This is much faster than Get-ADDirectReports:

    $ManagerDN = (Get-ADUser -Identity Manager).DistinguishedName
    $Filter = "(manager:1.2.840.113556.1.4.1941:={0})" -f $ManagerDN
    $DirectReports = Get-ADUser -LDAPFilter $Filter | Select SamAccountName

    I think this will output the result you are expecting:

    $Manager = Get-ADUser -Identity "manager"
    $Filter = "(manager:1.2.840.113556.1.4.1941:={0})" -f $Manager.DistinguishedName
    $DirectReports = Get-ADUser -LDAPFilter $Filter | Select -expand SamAccountName
    $Users = Get-ADUser -Filter * | Select -expand SamAccountName
    
    foreach ($User in $Users) {
        if ($DirectReports -contains $User) {
            Write-Host "$User reports up to $($Manager.SamAccountName)" -ForegroundColor Green
        } else {
            Write-Host "$User doesn't report up to $($Manager.SamAccountName)" -ForegroundColor Red
        }
    }

    • Edited by Leif-Arne Helland Tuesday, March 20, 2018 9:17 PM
    • Marked as answer by RackHat Wednesday, March 21, 2018 5:48 PM
    Tuesday, March 20, 2018 8:59 PM
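
An added example, not part of the original thread: an offline model of what the `(manager:1.2.840.113556.1.4.1941:=<DN>)` filter in the answer above returns, namely every account whose manager chain leads to the given manager, followed by the same domain-wide comparison done with a case-insensitive set. The directory data and DN are constructed, and `ConvertTo-LdapFilterValue` and `Get-TransitiveReport` are hypothetical helper names; the escaping helper matters when the manager's DN contains `\`, `(`, `)` or `*`.

```powershell
# Constructed sample directory (not real data): SamAccountName -> manager's SamAccountName.
$Directory = @{
    'vp.eng'   = $null
    'dir.a'    = 'vp.eng'
    'mgr.b'    = 'dir.a'
    'ic.c'     = 'mgr.b'
    'ic.d'     = 'mgr.b'
    'vp.sales' = $null
    'rep.e'    = 'vp.sales'
}

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # Backslash first, so the escapes added afterwards are not escaped again.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

# Hypothetical helper: in-memory equivalent of the transitive "in chain" match on manager.
function Get-TransitiveReport {
    param([hashtable]$Directory, [string]$Manager)
    $found = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $queue = [System.Collections.Generic.Queue[string]]::new()
    $queue.Enqueue($Manager)
    while ($queue.Count -gt 0) {
        $current = $queue.Dequeue()
        foreach ($sam in $Directory.Keys) {
            # Add() returns $false for a name already seen, which also stops manager loops.
            if ($Directory[$sam] -eq $current -and $found.Add($sam)) { $queue.Enqueue($sam) }
        }
    }
    , $found   # the comma keeps the HashSet from being unrolled into an array on output
}

# One object per account instead of Write-Host text, so the result can be filtered or exported.
$reports = Get-TransitiveReport -Directory $Directory -Manager 'vp.eng'
$Directory.Keys | Sort-Object | ForEach-Object {
    [pscustomobject]@{ SamAccountName = $_; ReportsUpTo = $reports.Contains($_) }
}

# Constructed DN: the escaped comma carries a backslash, which must become \5c in the filter.
$dn = 'CN=Smith\, Pat (VP),OU=Staff,DC=example,DC=com'
'(manager:1.2.840.113556.1.4.1941:={0})' -f (ConvertTo-LdapFilterValue $dn)
```

Against a real domain, the set would be filled from `Get-ADUser -LDAPFilter` with the escaped filter string instead of from the sample hashtable.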
  • Wow! Thank you so much! This is exactly what I was looking for. If you don't mind, can you briefly explain what the $Filter variable is doing? Just want to understand this.
    Wednesday, March 21, 2018 5:50 PM
  • It's documented on MSDN.

    https://msdn.microsoft.com/en-us/library/aa746475.aspx


    -- Bill Stewart [Bill_Stewart]

    Wednesday, March 21, 2018 6:19 PM
  • Thank you!
    Wednesday, March 21, 2018 7:58 PM