4

I am trying to dump an OU (Staff) in our AD to a specific format

"name" -> "Manager";

I am zeroing in but I'm hitting a wall with the following code

get-aduser -filter * -SearchBase "OU=Staff,DC=whatever,DC=local" |  get-aduser -Properties Manager | Select Name,Manager

The output for manager is returned as:

CN=Sharon Doe,OU=Staff,DC=whatever,DC=local

Also I am unsure how to wrap the text in quotes and insert the arrow between name and manger

Thanks if you can point me in the right direction

this is my sudo working code so far

Import-Module ActiveDirectory  
 $users = $null
 $i = $null  
 $users = Get-ADUser -SearchBase "ou=Staff,dc=whatever,dc=local" -filter * `  -property description  
 ForEach($user in $users)  
  {  

      $user.name + >>>Get-ADUser($users.manager).name**<<<

      $i++  

 }  
"$i users"
Improve this question
5
  • 1
    Yes, the manager property is the distinguished name of the manager's user object - to get the manager's name, you need to find that object (bind to it) and then retrieve it's name Commented Jul 9, 2015 at 18:53
  • Seems logical, How do I do that? Commented Jul 9, 2015 at 18:54
  • 2
    See the response below - Mathias beat me to the response (and his is much better than mine ever would have been :-) ) Commented Jul 9, 2015 at 19:04
  • I updated the answer with the code using only parts i understand. the part marked in the >>>><<<< brackets is what i don't understand is not work Commented Jul 10, 2015 at 0:31
  • @Crash893 updated my answer with an example using a foreach loop Commented Jul 10, 2015 at 11:21

2 Answers 2

Reset to default
12

You can use 

(Get-ADUser "CN=Sharon Doe,OU=Staff,DC=whatever,DC=local").DisplayName

to fetch the manager's user object and grab the DisplayName instead of the DN.

If you don't feel confident working with calculated properties (see below), you can use it inside a foreach loop:

$Users = Get-ADUser -filter * -SearchBase "OU=Staff,DC=whatever,DC=local" -Properties Manager 

foreach($User in $Users){
    $Manager = Get-ADUser $User.Manager -Properties DisplayName
    $ManagerName = $Manager.DisplaýName

    "$($User.Name) -> $ManagerName"
}

You could also use it inside a calculated property when using Select-Object:

$Users = Get-ADUser -filter * -SearchBase "OU=Staff,DC=whatever,DC=local" -Properties Manager 
$Users | Select Name,@{label="Manager";expression={(Get-ADUser $_.Manager -Properties DisplayName).DisplayName}}

If the Select statement gets too unreadable, you can always make a splatting table with the properties:

$NameManager = @{
  "Property" = @(
    "Name"
    @{
      Label = "Manager"
      Expression = {
        Get-ADUser $_.Manager -Properties DisplayName |Select -Expand DisplayName
      }
    }
  )
}

$Users | Select-Object @NameManager
Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

I updated the answer with the code using only parts i understand. the part marked in the >>>><<<< brackets is what i don't understand is not work
@Crash893 You need to wrap the Get-ADUser call into one more set of round brackets. "$($user.name) -> $((Get-ADUser($users.manager)).name)" The $(expression) syntax in a string inserts the expression value in the indicated place.
@Vesper Its almost there but I am getting an error
Get-ADUser : Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADUser' required by parameter 'Identity'. Specified method is not supported. At C:\Users\administrator.whatever\Desktop\orgchart test.ps1:8 char:50 + write-host $($user.name) "->" $((Get-ADUser($users.manager)).name) + ~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBindingException + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser
@mathias R. Jessen, you for script runs but two things happen 1) no user has a manager and 2) oddly some users error out i confirmed that they users that error out do have managers
|
5

I use PowerShell regex to filter only the friendly name portion of the manager from the DN for the "Manger" attribute in the AD user object properties, see below:

$newUser = Get-ADUser -Identity someUser1 -Properties *
$newUser.Manager

Output: CN=Some Manager1,OU=IT,DC=YOUR,DC=DOMAIN,DC=COM

$newUser.Manager.split(',')[0].trim('CN=')

Output:

Some Manager1

In addition, you could use the following filter as well, but I feel it is more code than necessary, trim does what we want with less typing and complexity (Not going into why one is better than the other, we haven't talked scale about this ask):

CN=someUser1,OU=IT,DC=YOUR,DC=DOMAIN,DC=COM
$newUser.Manager.split(',')[0] -replace 'CN=',''

Output:

Some Manager1

For completeness, you should know the type of your final state, you can get this with the following:

($newUser.Manager.split(',')[0].trim('CN=')).GetType()

OR

($newUser.Manager.split(',')[0] -replace 'CN=','').GetType()

Output:

IsPublic IsSerial Name                                     BaseType                                                                                                                                                           
-------- -------- ----                                     --------                                                                                                                                                           
True     True     String                                   System.Object

Now you know your final value is of type 'string'!

Lastly, you can trap your value in a variable:

$Mgr = $newUser.Manager.split(',')[0].trim('CN=')

Okay, I found a bug in my regex using trim logic, if an user has a DN that starts like the following:

CN=Nicholas

Then the output using $newUser.Manager.split(',')[0].trim('CN=') is as follows:

icholas

This is because trim truncates any matching character, not the whole string specified, where as -replace does it based on the string as shown below:

$newUser.Manager.split(',')[0] -replace 'CN=',''

Output:

Nicholas

FINAL SOLUTION: So, I recommend the following as a final solution:

$newUser.Manager.split(',')[0] -replace 'CN=',''

My apologies for the oversight, I now remember seeing others mention this online and I completely forgot about it. Once again, I apologize for the confusion.

Enjoy!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.