Whether you need to find a user's manager, get manager contact details, or export comprehensive reports, the Get-ADUser PowerShell cmdlet is a powerful tool. This article demonstrates how to use this cmdlet to retrieve manager information, explores common use cases, and discusses its limitations. We'll also show you how this task can be streamlined using the various AD user reports available in ADManager Plus, a comprehensive AD reporting tool.
The following table compares how you can get an AD user's manager using their display name in PowerShell versus ADManager Plus.
Before you start, ensure you have:
To get a user's manager using PowerShell, first you need to get the user object, then use the Manager property to retrieve the manager's object.
Get-ADUser -Identity "John" -Properties manager
To find an AD user's manager using ADManager Plus:
Here are some of the most common scenarios you'll encounter when querying for a user's manager:
By default, the manager property of a user object returns the manager's distinguished name (DN), which isn't very readable. To get the manager's actual name, you need to perform another query using the Get-ADUser cmdlet.
# Get the user and their manager's DN
$user = Get-ADUser -Identity "jdoe" -Properties Manager
# Check if the manager property is populated
if ($user.Manager) {
    # Get the manager object using the DN
    $manager = Get-ADUser -Identity $user.Manager -Properties DisplayName
    Write-Host "The manager for $($user.Name) is $($manager.DisplayName)."
} else {
    Write-Host "$($user.Name) does not have a manager assigned."
}
A common IT request is to get the manager's email address for notification or approval workflows. This requires fetching the mail property from the manager's user object.
# Get the user and their manager's DN
$user = Get-ADUser -Identity "John" -Properties manager
# Check if the manager property is populated
if ($user.Manager) {
    # Get the manager and select their email address property
    $manager = Get-ADUser -Identity $user.manager -Properties mail
    Write-Host "The email address for the manager of $($user.Name) is $($manager.mail)."
} else {
    Write-Host "$($user.Name) does not have a manager assigned."
}
To generate a report for multiple users, you can combine these commands and export the output to a CSV file.
Get-ADUser -Filter * -Properties Manager | ForEach-Object {
    $userObject = $_
    $managerName = "" # Default to empty string
    if ($userObject.Manager) {
        # Get the manager's DisplayName
        $manager = Get-ADUser -Identity $userObject.Manager -Properties DisplayName
        $managerName = $manager.DisplayName
    }
    # Create a custom object with the desired properties
    [PSCustomObject]@{
        UserName       = $userObject.Name
        sAMAccountName = $userObject.sAMAccountName
        Manager        = $managerName
    }
} | Export-Csv -Path "C:\Reports\UsersAndManagers.csv" -NoTypeInformation
You can use the Filter parameter to find all users where the manager property is equal to the manager's distinguished name.
$manager = Get-ADUser "themanager"
Get-ADUser -Filter "Manager -eq '$($manager.DistinguishedName)'"
While PowerShell can be used to retrieve user reports, it comes with several limitations:
ADManager Plus provides a simple and efficient alternative to PowerShell scripting for AD reporting.
The manager property on the user object will be empty. Your script should include an if statement to check if the property exists before trying to use it, which prevents errors.
You can use the Set-ADUser cmdlet to assign or change a manager. You need the identity of the user to modify and the identity of the new manager as well. Here's a sample script:
Set-ADUser -Identity "John" -Manager "Jake"
This requires a recursive PowerShell function that repeatedly calls Get-ADUser for each manager until it reaches a user with no manager assigned.
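The recursive walk described above, as an added example that is not code from the original article or from ADManager Plus. It also stops when the Manager attributes form a loop or when a depth limit is reached. The function name Get-ADManagerChain, the MaxDepth default of 25 and the sample identity "jdoe" are assumptions.

```powershell
# Added example, not from the original article.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

function Get-ADManagerChain {
    param(
        [Parameter(Mandatory)]
        [string] $Identity,
        # Hypothetical safety limit on how far up the chain to climb
        [int] $MaxDepth = 25,
        # Internal state passed down the recursion; callers leave these unset
        [int] $Level = 0,
        [System.Collections.Generic.HashSet[string]] $Visited
    )

    if ($null -eq $Visited) {
        # DNs are compared case-insensitively
        $Visited = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
    }

    $user = Get-ADUser -Identity $Identity -Properties Manager, DisplayName, mail

    # Seeing the same DN twice means the Manager attributes loop (A -> B -> A)
    if (-not $Visited.Add($user.DistinguishedName)) {
        Write-Warning "Manager loop detected at $($user.DistinguishedName); stopping."
        return
    }

    # Emit one row per level: 0 is the starting user, 1 their manager, and so on
    [PSCustomObject]@{
        Level          = $Level
        DisplayName    = $user.DisplayName
        sAMAccountName = $user.SamAccountName
        Mail           = $user.mail
    }

    if (-not $user.Manager) { return }   # reached a user with no manager assigned
    if ($Level -ge $MaxDepth) {
        Write-Warning "Stopped after $MaxDepth levels without reaching the top."
        return
    }

    # Recurse using the manager's DN, which -Identity accepts directly
    Get-ADManagerChain -Identity $user.Manager -MaxDepth $MaxDepth `
        -Level ($Level + 1) -Visited $Visited
}

Get-ADManagerChain -Identity "jdoe" | Format-Table -AutoSize
```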