A nice feature in Active Directory is the ability to connect users with managers. On the user account you can manually go to the Organization tab, click on the Change button under manager, and type the name of the user’s manager. When you look at the same tab for the manager you will see the user under Direct Reports. It isn’t necessarily that difficult to manually change users in bulk but probably not very efficient. Let me show you how with the Active Directory module and PowerShell. It is easier than you think.

Jeffery Hicks

Jeffery Hicks is a multi-year Microsoft MVP in Windows PowerShell, Microsoft Certified Professional and an IT veteran with 25 years of experience specializing in automation. He works today as an author, trainer and consultant.

Configure the user ^

The easiest way to accomplish this is to get the user account and configure it with a manager. I’m running from a Windows 8 desktop with PowerShell v3 and Remote Server Administration (RSAT) tools installed. I need to add April Showers as the manager for Mae Flowers.

The best part is that I don’t have to know where either account resides. It really is that easy. The Set-ADUser cmdlet doesn’t write anything to the pipeline unless you use –Passthru. If you wanted to configure and verify with a single command you can try something like this:

Want to clear the entry? Set the manager to $Null.

Of course, it is just as easy to do this for several user accounts.

get-aduser - Configure the user

I used –Passthru and the additional code to verify the results.

One thing you may have noticed, April Showers was set to be the manager of herself because account came up in the Get-ADUser filter. The better approach is to check the accounts first before committing the change. In my case, I should be able to tweak the filter.

Getting direct reports ^

Once a user account has people assigned to it, you will be able to find and user a DirectReports property.

get-aduser - Getting direct reports

As you can see in the screenshot above all you get is the distinguishedname. For something a bit more meaningful try this:

get-aduser - Getting direct reports 2

Reporting ^

With a little work, you can even create some basic organizational reports. Here is a script that uses a recursive function to list all mangers and subordinates.

The script writes a simple text list with some indentations to indicate which employees belong to which managers.

List all mangers and subordinates

Summary ^

Creating manager/employee relationships in Active Directory with PowerShell is not that difficult. You can even do something similar with computer accounts.

Notice how similar the syntax is? Once you get the basics, you can easily leverage what you already know to accomplish many other tasks.

Join the 4sysops PowerShell group!

Your question was not answered? Ask in the forum!

0
Share
9 Comments
  1. simsaull 6 years ago

    hello Jeffery,
    thanks for this interesting article.
    Could you please explain this :
    "{0} [{1}]" -f $User.name,$User.Title

    I understand that it displays the name and the title between [], but I've never seen this syntax, where is that -f coming from?

    Thanks

    0

  2. Author
    Jeffery Hicks 6 years ago

    The -f is the format operator. Basically {0} and {1} are place holders which get filled with the corresponding values to the right of the operator. You can read a bit more on it in: about_operators

    0

  3. haringg 6 years ago

    Great post! We are in the process of "cleaning" up our AD structure and to have each Management Unit broken down like this makes for an easy to follow checklist to see which user accounts need to be updated.

    0

  4. Carsten 5 years ago

    Hi Jeffery.
    Thank you for this great post.

    How can I transform the line "get-adcomputer chi-win8-01 | set-adcomputer -ManagedBy jeff" into a bulk-add powershell script from csv with Computername and SamAccountName?
    I have 600 workstations that I need to relate to an "owner".

    Regards Carsten

    0

  5. Author
    Jeffery Hicks 5 years ago

    Carsten, the simplest solution is a one-line command:

    Import-CSV data.csv | foreach { Set-ADComputer -identity $_.Computername -managedBy $_.Samaccountname}

    This doesn't take any error handling into account but should work.

    0

  6. Adam Reyes 5 years ago

    Jeffery, how do you go about outputting the results into a text file?

    0

  7. Yehuda Menachem 4 years ago

    Hello Jeffery,

    How can I import from csv file with 2 headers : user, directreport
    to PS Script & set directreport for all users with "foreach"
    like you wroten ( I add some from my own .....) :

    foreach $user in $users
    {
    get-aduser ashowers -Properties DirectReports | Select -Expand DirectReports | "set-adusers directreport ..... " | get-aduser -Properties Title | Select Name,Title
    }

    Thanks ...
    😉

    0

  8. Author

    It should be as simple as this:
    import-csv file.csv | foreach {
    Set-ADUser -identity $_.user -manager $_.directreport
    }

    That assumes that the values for User and DirectReport are either distinguishednames or samaccountnames. Otherwise, you may need to try something like this:

    import-csv file.csv | foreach {
    Set-ADUser -identity $_.user -manager (Get-ADUser -filter "Name -eq '$($_.directreport)'")
    }

    0

  9. Srikanth 3 years ago

    Hi, Jeffery Hicks, Good Morning,

    1. I have csv file with name users.csv, it contains two columns one is SamAccountName and other is Newmanager

    2. I am trying to update Manager Name for all users in SamAccountName column, I am trying the below script, but receiving error stating "Set-ADUser : Cannot find an object with identity: '...."

    Please help

    Regards,

    Srikanth M A

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account