A nice feature in Active Directory is the ability to connect users with managers. On the user account you can manually go to the Organization tab, click on the Change button under manager, and type the name of the user’s manager. When you look at the same tab for the manager you will see the user under Direct Reports. It isn’t necessarily that difficult to manually change users in bulk but probably not very efficient. Let me show you how with the Active Directory module and PowerShell. It is easier than you think.

Configure the user

The easiest way to accomplish this is to get the user account and configure it with a manager. I’m running from a Windows 8 desktop with PowerShell v3 and Remote Server Administration (RSAT) tools installed. I need to add April Showers as the manager for Mae Flowers.

PS C:\> get-aduser mflowers | Set-ADUser -Manager ashowers

The best part is that I don’t have to know where either account resides. It really is that easy. The Set-ADUser cmdlet doesn’t write anything to the pipeline unless you use –Passthru. If you wanted to configure and verify with a single command you can try something like this:

PS C:\> get-aduser mflowers | Set-ADUser -Manager ashowers -PassThru | get-aduser -Properties Manager | Select Name,Manager

Name                                         Manager
----                                         -------
Mae Flowers                                  CN=April Showers,OU=Customer Service,OU=D...

Want to clear the entry? Set the manager to $Null.

PS C:\> get-aduser mflowers | Set-ADUser -Manager $null

Of course, it is just as easy to do this for several user accounts.

PS C:\> get-aduser -filter "department -eq 'Customer Service'" | Set-ADuser -Manager ashowers -passthru | get-aduser -Properties Title,Manager | Select Name,Title,Manager

get-aduser - Configure the user

I used –Passthru and the additional code to verify the results.

One thing you may have noticed, April Showers was set to be the manager of herself because account came up in the Get-ADUser filter. The better approach is to check the accounts first before committing the change. In my case, I should be able to tweak the filter.

PS C:\> get-aduser -filter "department -eq 'Customer Service' -AND samaccountname -ne 'ashowers'" | set-aduser -manager ashowers

Getting direct reports

Once a user account has people assigned to it, you will be able to find and user a DirectReports property.

PS C:\> get-aduser ashowers -Properties DirectReports | Select -Expand DirectReports

get-aduser - Getting direct reports

As you can see in the screenshot above all you get is the distinguishedname. For something a bit more meaningful try this:

PS C:\> get-aduser ashowers -Properties DirectReports | Select -Expand DirectReports | get-aduser -Properties Title | Select Name,Title

get-aduser - Getting direct reports 2


With a little work, you can even create some basic organizational reports. Here is a script that uses a recursive function to list all mangers and subordinates.

#requires -version 3.0
#requires -modules ActiveDirectory

[Parameter(Position=0,Mandatory=$True,HelpMessage="Enter a top level user name")]

Function Get-DirectReports {


Process {
 $direct = Get-ADUser -Identity $DistinguishedName -Properties DirectReports

 if ($direct.DirectReports) {
  $direct.DirectReports | Get-ADUser -Properties Title | foreach {
   "{0} [{1}]" -f $_.Name.padleft($_.name.length+$tab),$_.title
   $_ | Get-DirectReports -Tab $($tab+2)

} #process

} #end function

$user = Get-ADUser $Identity -Properties DirectReports,Title
$reports = $user.DirectReports

"{0} [{1}]" -f $User.name,$User.Title

foreach ($report in $reports) {
$direct = $report | Get-ADUser -Properties DirectReports,Title,Department
"{0} [{1}]" -f $direct.name.padleft($direct.name.length+1,">"),$direct.Title
$direct | Get-DirectReports
} #foreach

The script writes a simple text list with some indentations to indicate which employees belong to which managers.

List all mangers and subordinates


Creating manager/employee relationships in Active Directory with PowerShell is not that difficult. You can even do something similar with computer accounts.

PS C:\> get-adcomputer chi-win8-01 | set-adcomputer -ManagedBy jeff

Notice how similar the syntax is? Once you get the basics, you can easily leverage what you already know to accomplish many other tasks.

  1. Avatar
    simsaull 10 years ago

    hello Jeffery,
    thanks for this interesting article.
    Could you please explain this :
    “{0} [{1}]” -f $User.name,$User.Title

    I understand that it displays the name and the title between [], but I’ve never seen this syntax, where is that -f coming from?


  2. Avatar Author

    The -f is the format operator. Basically {0} and {1} are place holders which get filled with the corresponding values to the right of the operator. You can read a bit more on it in: about_operators

  3. Avatar
    haringg 10 years ago

    Great post! We are in the process of “cleaning” up our AD structure and to have each Management Unit broken down like this makes for an easy to follow checklist to see which user accounts need to be updated.

  4. Avatar
    Carsten 9 years ago

    Hi Jeffery.
    Thank you for this great post.

    How can I transform the line “get-adcomputer chi-win8-01 | set-adcomputer -ManagedBy jeff” into a bulk-add powershell script from csv with Computername and SamAccountName?
    I have 600 workstations that I need to relate to an “owner”.

    Regards Carsten

  5. Avatar Author

    Carsten, the simplest solution is a one-line command:

    Import-CSV data.csv | foreach { Set-ADComputer -identity $_.Computername -managedBy $_.Samaccountname}

    This doesn’t take any error handling into account but should work.

  6. Avatar
    Adam Reyes 9 years ago

    Jeffery, how do you go about outputting the results into a text file?

  7. Avatar

    Hello Jeffery,

    How can I import from csv file with 2 headers : user, directreport
    to PS Script & set directreport for all users with “foreach”
    like you wroten ( I add some from my own …..) :

    foreach $user in $users
    get-aduser ashowers -Properties DirectReports | Select -Expand DirectReports | “set-adusers directreport ….. ” | get-aduser -Properties Title | Select Name,Title

    Thanks …

  8. Avatar Author

    It should be as simple as this:
    import-csv file.csv | foreach {
    Set-ADUser -identity $_.user -manager $_.directreport

    That assumes that the values for User and DirectReport are either distinguishednames or samaccountnames. Otherwise, you may need to try something like this:

    import-csv file.csv | foreach {
    Set-ADUser -identity $_.user -manager (Get-ADUser -filter “Name -eq ‘$($_.directreport)'”)

  9. Avatar
    Srikanth 7 years ago

    Hi, Jeffery Hicks, Good Morning,

    1. I have csv file with name users.csv, it contains two columns one is SamAccountName and other is Newmanager

    2. I am trying to update Manager Name for all users in SamAccountName column, I am trying the below script, but receiving error stating “Set-ADUser : Cannot find an object with identity: ‘….”

    Import-Module ActiveDirectory 
    $Users = Import-csv C:\Scripts\Users.csv 
    foreach ($User in $Users) 
     Set-ADUser $User.SamAccountName -Manager $User.Newmanager 

    Please help


    Srikanth M A

  10. Avatar
    Keith 4 years ago

    Hi Jeffrey,

    What is a simple script to change the Job Title field for users.  The one I use says it does not recognize Job Title

    • Avatar
      Hamish Ahern 3 years ago

      the field is just called    title  all in lowercase.

  11. Avatar
    fir 2 years ago

    Hello, how can i e-mails and user names in this report?

Leave a reply

Please enclose code in pre tags: <pre></pre>

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account