Whether you need to find a user's manager, resolve a manager's display name, list a manager's direct reports, or export manager data to CSV, the Get-ADUser PowerShell cmdlet is the standard tool for the job. This article walks you through every step, from installing the Active Directory (AD) module to retrieving manager information, with complete examples. We'll also show how the same reports can be generated in a few clicks using AD user reports in ADManager Plus, a comprehensive AD reporting tool.
The manager property is an AD user attribute that links one user object to another. Rather than storing a name or an email address, it stores a reference to the manager's DN, the full, unique path to that manager's object in the directory. This is what allows AD to model an organization's reporting structure. Each user can point to at most one manager, and that chain of reference is the backbone of org charts, direct-report lists, and management chains.
Since the manager attribute is not part of the default property set, the Get-ADUser cmdlet does not return it unless you ask for it explicitly. On its own, it returns only a small set of core properties such as name, sAMAccountName, and distinguishedName. To get the manager of a user, you must add the -Properties Manager parameter. AD withholds non-default attributes to keep queries fast, so the cmdlet returns only the properties you explicitly request.
All of the examples in this page rely on the AD module for Windows PowerShell. Before you begin, ensure the module is available and that you have the right permissions.
Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0"
Import-Module ActiveDirectory
Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
Retrieve the user with the manager property, then resolve the returned DN into a readable name. Start with a single user:
Get-ADUser -Identity "jdoe" -Properties Manager | Select-Object Name, Manager
The Manager value is a DN, not a name. Pass it into a second Get-ADUser call and request DisplayName:
# First call: fetch the user together with the Manager attribute (a DN)
$user = Get-ADUser -Identity "jdoe" -Properties Manager
if ($user.Manager) {
    # Second call: resolve the manager DN to a readable display name
    $manager = Get-ADUser -Identity $user.Manager -Properties DisplayName
    Write-Host "The manager for $($user.Name) is $($manager.DisplayName)."
} else {
    Write-Host "$($user.Name) does not have a manager assigned."
}
This nested Get-ADUser call is the key pattern. The first call returns the manager's DN, the second uses that DN to fetch the manager object. The if ($user.Manager) check prevents errors for users with no manager assigned (such as the CEO or service accounts).
A DN is read right to left, from the most general container to the most specific object. In CN=Steve Graham,OU=Management,DC=skyy,DC=com, the DC parts identify the domain, OU=Management is the organizational unit (OU), and CN=Steve Graham is the object's common name. AD stores manager references as DNs because a DN is globally unique and stable, unlike a DisplayName, which can be duplicated.
A PSCustomObject assembles a clean, named-property record from values pulled out of different objects. Each key becomes a column, which makes the output tidy and ready to pipe straight into Export-Csv:
Get-ADUser -Filter * -Properties Manager | ForEach-Object {
    # Blank by default so users without a manager still produce a row
    $managerName = ""
    if ($_.Manager) {
        $managerName = (Get-ADUser -Identity $_.Manager -Properties DisplayName).DisplayName
    }
    # One output record per user; each key becomes a column
    [PSCustomObject]@{
        Name           = $_.Name
        SamAccountName = $_.SamAccountName
        Manager        = $managerName
    }
}
Once you know a manager's DN, find every user who reports to them by filtering on the manager attribute:
$manager = Get-ADUser -Identity "jsmith"
Get-ADUser -Filter "Manager -eq '$($manager.DistinguishedName)'" |
    Select-Object Name, SamAccountName
This lists a manager's direct reports. To scope the search to a specific OU on a large directory, add -SearchBase:
Get-ADUser -Filter "Manager -eq '$($manager.DistinguishedName)'" `
    -SearchBase "OU=Sales,DC=skyy,DC=com" |
    Select-Object Name, SamAccountName
The -Filter parameter uses PowerShell's own readable syntax; -LDAPFilter accepts a raw LDAP filter and is better for complex conditions. These are equivalent:
# PowerShell -Filter syntax
Get-ADUser -Filter "Manager -eq '$($manager.DistinguishedName)'"
# Equivalent -LDAPFilter syntax
Get-ADUser -LDAPFilter "(manager=$($manager.DistinguishedName))"
Reach for -LDAPFilter when a condition is awkward to express in PowerShell syntax, for example, when finding all users with no manager set using (!(manager=*)).
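A raw -LDAPFilter string is passed through as written, so a manager DN that contains a backslash-escaped comma (CN=Graham\, Steve,...) or parentheses has to be escaped before it is interpolated, or the filter is malformed or matches something other than intended. The following is an added example, not part of the original article: ConvertTo-LdapFilterValue is a hypothetical helper name, the sample DNs are constructed, and the escaping applied is the RFC 4515 set (\ * ( ) and NUL).

```powershell
# Added example: escape a value for use inside a raw LDAP filter (RFC 4515).
# ConvertTo-LdapFilterValue is a hypothetical helper, not an AD module cmdlet.
function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )
    # Replace \ * ( ) and NUL with a backslash plus the two-digit hex code.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

# Constructed sample DNs (illustrative only, not from a real directory).
$managerDns = @(
    'CN=Steve Graham,OU=Management,DC=skyy,DC=com'
    'CN=Graham\, Steve,OU=Management,DC=skyy,DC=com'
    'CN=Steve Graham (Contractor),OU=Management,DC=skyy,DC=com'
)

foreach ($dn in $managerDns) {
    # Build the direct-reports filter from the escaped DN.
    $filter = "(manager=$(ConvertTo-LdapFilterValue -Value $dn))"
    Write-Output $filter

    # On a domain-joined host with the AD module loaded:
    # Get-ADUser -LDAPFilter $filter | Select-Object Name, SamAccountName
}
```

The same helper applies to any value interpolated into -LDAPFilter, including names or departments read from a CSV or other untrusted input.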
The most common task is a report of all users alongside their managers. This script resolves each manager's display name, handles null managers, adds email and department columns, and writes to CSV:
Get-ADUser -Filter * -Properties Manager, EmailAddress, Department | ForEach-Object {
    # Blank by default so users without a manager stay in the report
    $managerName = ""
    if ($_.Manager) {
        # Resolve the manager DN to a display name (one lookup per user)
        $managerName = (Get-ADUser -Identity $_.Manager -Properties DisplayName).DisplayName
    }
    [PSCustomObject]@{
        Name           = $_.Name
        SamAccountName = $_.SamAccountName
        Email          = $_.EmailAddress
        Department     = $_.Department
        Manager        = $managerName
    }
} | Export-Csv -Path "C:\Reports\UsersAndManagers.csv" -NoTypeInformation -Encoding UTF8
The $managerName = "" default keeps users with no manager in the file with a blank column. -NoTypeInformation drops the unwanted type header, and -Encoding UTF8 preserves accented names. On large directories, this runs a separate lookup per user and can be slow. The ADManager Plus tab shows a quicker, more intuitive alternative.
To trace a user's reporting line all the way to the top, use a recursive function that follows the manager property upward until it reaches a user with no manager, the termination condition that stops the recursion:
function Get-ManagementChain {
    param([string]$Identity)
    $user = Get-ADUser -Identity $Identity -Properties Manager, DisplayName
    Write-Output $user.DisplayName
    # Recurse upward while a manager is set; stop at the top of the chain
    if ($user.Manager) {
        Get-ManagementChain -Identity $user.Manager
    }
}
Get-ManagementChain -Identity "jdoe"
The if ($user.Manager) guard prevents infinite looping by halting at the top. On large directories each level is a separate query, so consider caching resolved managers in a hash table when running this across many users.
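The hash-table caching suggested above, combined with a guard for circular manager references (two accounts that name each other as manager never reach an empty Manager value), is sketched below as an added example that is not part of the original article. Get-ManagementChainFromIndex is a hypothetical function name and the user records are constructed sample data, so the block runs without a domain; on a live directory the index would be filled from a single Get-ADUser query, which also avoids the per-user lookups of the CSV report.

```powershell
# Added example: walk the manager chain from an in-memory index, with loop detection.
function Get-ManagementChainFromIndex {
    param(
        [Parameter(Mandatory)][hashtable]$Index,          # DN -> user object
        [Parameter(Mandatory)][string]$DistinguishedName  # starting user's DN
    )
    $comparer = [System.StringComparer]::OrdinalIgnoreCase
    $seen     = [System.Collections.Generic.HashSet[string]]::new($comparer)
    $chain    = [System.Collections.Generic.List[string]]::new()
    $dn = $DistinguishedName
    while ($dn) {
        if (-not $seen.Add($dn)) {      # DN already visited: circular reference
            $chain.Add("[cycle at $dn]")
            break
        }
        $user = $Index[$dn]
        if (-not $user) {               # manager lies outside the indexed scope
            $chain.Add("[unresolved: $dn]")
            break
        }
        $chain.Add($user.DisplayName)
        $dn = $user.Manager             # empty at the top of the chain ends the loop
    }
    $chain
}

# Constructed sample records. On a live domain, build $users with one query instead:
#   $users = Get-ADUser -Filter * -Properties Manager, DisplayName
$base  = 'OU=Staff,DC=skyy,DC=com'
$users = @(
    [PSCustomObject]@{ DistinguishedName = "CN=Steve Graham,$base"; DisplayName = 'Steve Graham'; Manager = $null }
    [PSCustomObject]@{ DistinguishedName = "CN=Jane Smith,$base"; DisplayName = 'Jane Smith'; Manager = "CN=Steve Graham,$base" }
    [PSCustomObject]@{ DistinguishedName = "CN=John Doe,$base"; DisplayName = 'John Doe'; Manager = "CN=Jane Smith,$base" }
    [PSCustomObject]@{ DistinguishedName = "CN=Loop A,$base"; DisplayName = 'Loop A'; Manager = "CN=Loop B,$base" }
    [PSCustomObject]@{ DistinguishedName = "CN=Loop B,$base"; DisplayName = 'Loop B'; Manager = "CN=Loop A,$base" }
)

# Build the DN -> user cache once; every later lookup is a hash-table hit.
$index = @{}
foreach ($u in $users) { $index[$u.DistinguishedName] = $u }

Get-ManagementChainFromIndex -Index $index -DistinguishedName "CN=John Doe,$base"
Get-ManagementChainFromIndex -Index $index -DistinguishedName "CN=Loop A,$base"
```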
To assign or change a manager, use Set-ADUser with -Manager:
Set-ADUser -Identity "jdoe" -Manager "jsmith"
To clear the field, set it to $null:
Set-ADUser -Identity "jdoe" -Manager $null
For bulk changes, drive updates from a CSV with User and Manager columns:
Import-Csv -Path "C:\Reports\ManagerUpdates.csv" | ForEach-Object {
    Set-ADUser -Identity $_.User -Manager $_.Manager
}
PowerShell is powerful, but when it comes to reporting on users and their managers, especially at scale, it has limitations compared to a reporting tool like ADManager Plus.
Active Directory Users and Computers (ADUC) exposes the manager attribute on the Organization tab of a user's properties. This is the quickest way to check a single user's manager without writing any script, and it resolves the distinguished name (DN) to a readable name.
The Organization tab lists the user's direct reports beneath the Manager field, giving you the inverse relationship at a glance. Select an entry and click Properties to open that report's object, or Add/Remove to adjust who reports to the user.
While ADUC is ideal for single user modifications, it doesn't scale for reporting:
For multi-user lookups and exports, use PowerShell or ADManager Plus.
ADManager Plus provides a script-free, GUI-based alternative for retrieving managers, listing direct reports, and exporting reports with the Manager column built-in and scheduled exports that email results to stakeholders automatically.
The manager attribute isn't part of the default property set Get-ADUser returns. AD limits default output for performance, so you must add -Properties Manager to retrieve it.
The manager property returns a DN. Run a second Get-ADUser call using that DN as the identity and request DisplayName using the command below.
Get-ADUser -Identity $user.Manager -Properties DisplayName
Open ADUC, right-click the user, choose Properties, and open the Organization tab. The Manager field shows the resolved manager name, and the Direct reports list shows users reporting to that person.
If the manager property is empty, use an if ($user.Manager) check before resolving it to prevent errors for users such as the CEO or service accounts.
In PowerShell, use Set-ADUser to configure a user's manager:
Set-ADUser -Identity "John" -Manager "Jacob"
In ADUC, use the Change button under the Organization tab.
Use a recursive PowerShell function that calls Get-ADUser for each manager and follows the manager property upward until it reaches a user with no manager assigned, which ends the recursion.