none
How do I use Get-ADUser to get just the Managers attribute? And then get rid of duplicates in my array/hash table? RRS feed

  • Question

  • Hello,

          I am trying to just get the Managers of my users in Active Directory. I have gotten it down to the user and their manager, but I don't need the user. Here is my code so far:

    Get-ADUser-filter*-searchbase"OU=REDACTED, OU=Enterprise Users, DC=REDACTED, DC=REDACTED"-PropertiesManager|SelectName,@{N='Manager';E={(Get-ADUser$_.Manager).Name}} |export-csvc:\managers.csv-append 

    Also, I need to get rid of the duplicate values in my hash table. I tried playing around with -sort unique, but couldn't find a place it would work. Any help would be awesome.

    Thanks,

    Matt

    Tuesday, September 23, 2014 3:59 PM

Answers

All replies

  • Hi Matt,

    Try something like this:

    Get-ADUser -Filter * -Properties Manager |
        Select @{N='Manager';E={ (Get-ADUser $_.Manager).Name }} -Unique | 
            Sort Manager |
                Export-Csv .\managerList.csv -NoTypeInformation

    Just drop the user from the select and use the -Unique switch.


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Tuesday, September 23, 2014 4:06 PM
  • I would caution that, although it is not likely, managers can also be contact, group, or computer objects. If this is possible in your situation, use Get-ADObject in place of Get-ADUser inside the curly braces.

    Also, if you only want users that have a manager assigned, you can use -LDAPFilter "(manager=*)" in the first Get-ADUser.

    Finally, if you want all users that have been assigned the manager for at least one user, you can use:

    Get-ADUser -LDAPFilter "(directReports=*)" | Select @{N='Manager';E={ (Get-ADUser $_.sAMAccountName).Name }} -Unique | Sort Manager | Export-Csv .\managerList.csv -NoTypeInformation

    -----

    This works because when you assign the manager attribute of a user, this assigns the user to the directReports attribute of the manager. The directReports atttribute is multi-valued (an array in essence).

    Again, if managers can be groups or some other class of object (not likely), then use Get-ADObect throughout and identify by distinguishedName instead of sAMAccountName (since contacts don't have sAMAccountName).


    Richard Mueller - MVP Directory Services


    Tuesday, September 23, 2014 4:58 PM
    Moderator
  • Mike,

         Thank you so much. It does exactly what I needed it to do, once I added -searchbase back. Now, to add this list to a drop down menu in my Excel database, so HR can stop spelling manager names wrong and let my create user script run correctly. Now that I think about it I should do this for department too, as HR can't seem to spell Engineering right. Thanks again.

    Matt

    Tuesday, September 23, 2014 5:12 PM
  • You can easily create a reliable list of existing managers since the manager attribute is DN syntax (distinguished name), so you know all values are valid. You can use similar code to retrieve unique department names, but since there is no validation in AD on this string attribute, you could find errors (misspellings). Best would be to retrieve all unique department names, then check the list for errors and correct them in AD. Again, I would filter on users that have any value assigned to department, to skip ones that do not have a value.

    Richard Mueller - MVP Directory Services

    Tuesday, September 23, 2014 5:24 PM
    Moderator
  • Cheers, you're very welcome.

    Make sure you take Richard's suggestion into account too though, he brings up a very good point.


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Tuesday, September 23, 2014 5:26 PM
  • Thanks Richard, just to be safe I changed it to ADObject.
    Tuesday, September 23, 2014 6:13 PM