- Use PowerShell splatting and PSBoundParameters to pass parameters - Wed, Nov 9 2022
- Using PowerShell with $PSStyle - Mon, Jan 24 2022
- Clean up user profiles with PowerShell - Mon, Jun 9 2014
Configure the user
The easiest way to accomplish this is to get the user account and configure it with a manager. I’m running from a Windows 8 desktop with PowerShell v3 and Remote Server Administration (RSAT) tools installed. I need to add April Showers as the manager for Mae Flowers.
PS C:\> get-aduser mflowers | Set-ADUser -Manager ashowers
The best part is that I don’t have to know where either account resides. It really is that easy. The Set-ADUser cmdlet doesn’t write anything to the pipeline unless you use –Passthru. If you wanted to configure and verify with a single command you can try something like this:
PS C:\> get-aduser mflowers | Set-ADUser -Manager ashowers -PassThru | get-aduser -Properties Manager | Select Name,Manager Name Manager ---- ------- Mae Flowers CN=April Showers,OU=Customer Service,OU=D...
Want to clear the entry? Set the manager to $Null.
PS C:\> get-aduser mflowers | Set-ADUser -Manager $null
Of course, it is just as easy to do this for several user accounts.
PS C:\> get-aduser -filter "department -eq 'Customer Service'" | Set-ADuser -Manager ashowers -passthru | get-aduser -Properties Title,Manager | Select Name,Title,Manager
I used –Passthru and the additional code to verify the results.
One thing you may have noticed, April Showers was set to be the manager of herself because account came up in the Get-ADUser filter. The better approach is to check the accounts first before committing the change. In my case, I should be able to tweak the filter.
PS C:\> get-aduser -filter "department -eq 'Customer Service' -AND samaccountname -ne 'ashowers'" | set-aduser -manager ashowers
Getting direct reports
Once a user account has people assigned to it, you will be able to find and user a DirectReports property.
PS C:\> get-aduser ashowers -Properties DirectReports | Select -Expand DirectReports
As you can see in the screenshot above all you get is the distinguishedname. For something a bit more meaningful try this:
PS C:\> get-aduser ashowers -Properties DirectReports | Select -Expand DirectReports | get-aduser -Properties Title | Select Name,Title
Reporting
With a little work, you can even create some basic organizational reports. Here is a script that uses a recursive function to list all mangers and subordinates.
#requires -version 3.0
#requires -modules ActiveDirectory
Param(
[Parameter(Position=0,Mandatory=$True,HelpMessage="Enter a top level user name")]
[string]$identity
)
Function Get-DirectReports {
[cmdletbinding()]
Param(
[Parameter(Position=0,ValueFromPipelineByPropertyName=$True)]
[string]$DistinguishedName,
[int]$Tab=2
)
Process {
$direct = Get-ADUser -Identity $DistinguishedName -Properties DirectReports
if ($direct.DirectReports) {
$direct.DirectReports | Get-ADUser -Properties Title | foreach {
"{0} [{1}]" -f $_.Name.padleft($_.name.length+$tab),$_.title
$_ | Get-DirectReports -Tab $($tab+2)
}
}
} #process
} #end function
$user = Get-ADUser $Identity -Properties DirectReports,Title
$reports = $user.DirectReports
"{0} [{1}]" -f $User.name,$User.Title
foreach ($report in $reports) {
$direct = $report | Get-ADUser -Properties DirectReports,Title,Department
"{0} [{1}]" -f $direct.name.padleft($direct.name.length+1,">"),$direct.Title
$direct | Get-DirectReports
} #foreach
The script writes a simple text list with some indentations to indicate which employees belong to which managers.
Summary
Creating manager/employee relationships in Active Directory with PowerShell is not that difficult. You can even do something similar with computer accounts.
PS C:\> get-adcomputer chi-win8-01 | set-adcomputer -ManagedBy jeff
Notice how similar the syntax is? Once you get the basics, you can easily leverage what you already know to accomplish many other tasks.
hello Jeffery,
thanks for this interesting article.
Could you please explain this :
“{0} [{1}]” -f $User.name,$User.Title
I understand that it displays the name and the title between [], but I’ve never seen this syntax, where is that -f coming from?
Thanks
The -f is the format operator. Basically {0} and {1} are place holders which get filled with the corresponding values to the right of the operator. You can read a bit more on it in: about_operators
Great post! We are in the process of “cleaning” up our AD structure and to have each Management Unit broken down like this makes for an easy to follow checklist to see which user accounts need to be updated.
Hi Jeffery.
Thank you for this great post.
How can I transform the line “get-adcomputer chi-win8-01 | set-adcomputer -ManagedBy jeff” into a bulk-add powershell script from csv with Computername and SamAccountName?
I have 600 workstations that I need to relate to an “owner”.
Regards Carsten
Carsten, the simplest solution is a one-line command:
Import-CSV data.csv | foreach { Set-ADComputer -identity $_.Computername -managedBy $_.Samaccountname}
This doesn’t take any error handling into account but should work.
Jeffery, how do you go about outputting the results into a text file?
Hello Jeffery,
How can I import from csv file with 2 headers : user, directreport
to PS Script & set directreport for all users with “foreach”
like you wroten ( I add some from my own …..) :
foreach $user in $users
{
get-aduser ashowers -Properties DirectReports | Select -Expand DirectReports | “set-adusers directreport ….. ” | get-aduser -Properties Title | Select Name,Title
}
Thanks …
😉
It should be as simple as this:
import-csv file.csv | foreach {
Set-ADUser -identity $_.user -manager $_.directreport
}
That assumes that the values for User and DirectReport are either distinguishednames or samaccountnames. Otherwise, you may need to try something like this:
import-csv file.csv | foreach {
Set-ADUser -identity $_.user -manager (Get-ADUser -filter “Name -eq ‘$($_.directreport)'”)
}
Hi, Jeffery Hicks, Good Morning,
1. I have csv file with name users.csv, it contains two columns one is SamAccountName and other is Newmanager
2. I am trying to update Manager Name for all users in SamAccountName column, I am trying the below script, but receiving error stating “Set-ADUser : Cannot find an object with identity: ‘….”
Please help
Regards,
Srikanth M A
Hi Jeffrey,
What is a simple script to change the Job Title field for users. The one I use says it does not recognize Job Title
the field is just called title all in lowercase.
Hello, how can i e-mails and user names in this report?