I am looking to populate direct (and indirect) subordinates under a specific person to crosscheck/update O365 DLs.
I want to populate people reporting under Bob, but the script stops after it arrives at Frank (F). I need help capturing everyone in Bob's organization because the cmdlet, by default, only captures direct reports under the target person. How can we loop until we reach a person without a direct report?
Bob has 3 direct reports (Chad, Dean, Eason)
Chad has 1 direct report (Frank)
Dean has 0 direct reports
Eason has 1 direct report (George)
George has 1 direct report (Harris)
B > C > F
B > D
B > E > G > H
$name = Read-Host -Prompt "Name: "
$dog = Get-AzureADUser -SearchString $name
$puppets = Get-AzureADUserDirectReport -ObjectID $dog.ObjectId |
    Where-Object {
        ($_.UserPrincipalName) -notlike "*svc*" -and
        ($_.UserPrincipalName) -notlike "SVC*"
    }
$org = $puppets
Foreach ($puppet in $puppets) {
    $target = Get-AzureADUserDirectReport -ObjectID $puppet.ObjectId -ErrorAction Ignore |
        Where-Object {
            ($_.UserPrincipalName) -notlike "*svc*" -and
            ($_.UserPrincipalName) -notlike "SVC*"
        }
    $org = $target
}
I am currently stuck on the first puppet manager and hope someone can guide me on moving to another puppet until no direct report is left.
CodePudding user response:
I tried to reproduce the same in my environment.
I could get the direct report itself as you did
$user = Get-AzureADUser -SearchString $name
Get-AzureADUserManager -ObjectId "c483cf2a-af94-405a-a6df-d2f339003391"
# -ObjectId is mandatory here; the filter tests each returned report ($_)
Get-AzureADUserDirectReport -ObjectId $user.ObjectId |
    Where-Object {
        $_.UserPrincipalName -like "*ya*"
    }
To get indirect reports, there is no straightforward method to loop through the whole organization. We need to loop by checking the user and the user's manager first and then repeat.
Commands:
$users = Get-AzureADUser -Top 10
foreach ($user in $users) {
    $usermanager = Get-AzureADUserManager -ObjectId $user.ObjectId
    # Query direct reports only when the user actually has a manager
    if ($usermanager) {
        Get-AzureADUserDirectReport -ObjectId $usermanager.ObjectId
    }
}
You can check the user manager and then check the direct reports in a loop
Also check this azure - Combining & matching output from Get-AzureADUser, Get-AzureADSubscribedSku , Get-AzureADUserManager - Stack Overflow
CodePudding user response:
This is what I have managed so far by copying & pasting from another AD sample. It would be cool if we could make the "Manager" field show canonical order like...
B > C > F
B > D
B > E > G > H
Instead of
C
B
G
Function Get-DirectReport3 {
    # https://thesysadminchannel.com/get-direct-reports-in-active-directory-using-powershell-recursive/
    # 1. Run this script (F5) first
    # 2. Issue a command Get-DirectReport3 <Object-ID> to get output
    # 3. Alternatively, Get-DirectReport3 <Object-ID> | Out-GridView for better visibility
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true
        )]
        [string] $ObjectId,
        [switch] $NoRecurse
    )
    BEGIN {}
    PROCESS {
        $manager = Get-AzureADUser -ObjectId $ObjectId
        # Direct reports of the current manager
        $UserAccount = Get-AzureADUserDirectReport -ObjectID $manager.ObjectId |
            Select-Object DisplayName,UserPrincipalName,@{n="Manager";e={(Get-AzureADUser -ObjectId (Get-AzureADUserManager -ObjectId $_.ObjectId).ObjectId).DisplayName}},ObjectID
        $UserAccount |
            ForEach-Object {
                $User = Get-AzureADUser -ObjectId $_.ObjectId |
                    Select-Object DisplayName,UserPrincipalName,@{n="Manager";e={(Get-AzureADUserManager -ObjectId $_.ObjectId).DisplayName}},ObjectID
                if ($null -ne $User.UserPrincipalName) {
                    if (-not $NoRecurse) {
                        # Recurse into this report's own direct reports
                        Get-DirectReport3 $User.ObjectId
                    }
                }
                [PSCustomObject] @{
                    ObjectId          = $User.ObjectId
                    UserPrincipalName = $User.UserPrincipalName
                    DisplayName       = $User.DisplayName
                    Manager           = $User.Manager
                }
            }
    }
    END {}
}
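The walk asked about in the question, with each person's manager chain in "B > C > F" form, as an added example that is not code from any of the posts above. Get-OrgChain, its -GetReports parameter and the sample users are hypothetical names; the lookup is injectable so the constructed tree from the question runs without a tenant, and a visited set keeps a manager loop in the directory from making the walk run forever.

```powershell
function Get-OrgChain {
    [CmdletBinding()]
    param(
        # Root user: any object with ObjectId, DisplayName and UserPrincipalName.
        [Parameter(Mandatory)] $Root,
        # Direct-report lookup; the default calls the AzureAD cmdlet used in this thread.
        [scriptblock] $GetReports = { param($id) Get-AzureADUserDirectReport -ObjectId $id -All $true }
    )
    $seen  = [System.Collections.Generic.HashSet[string]]::new()
    $stack = [System.Collections.Generic.Stack[object]]::new()
    [void]$seen.Add($Root.ObjectId)
    $stack.Push([PSCustomObject]@{ User = $Root; Chain = $Root.DisplayName })
    while ($stack.Count -gt 0) {
        $node = $stack.Pop()
        # -notlike is case-insensitive, so one pattern covers "svc" and "SVC".
        $reports = @(& $GetReports $node.User.ObjectId |
            Where-Object { $_ -and $_.UserPrincipalName -notlike '*svc*' })
        foreach ($r in $reports) {
            # Add() returns $false for an ObjectId already visited (loop or duplicate).
            if (-not $seen.Add($r.ObjectId)) { continue }
            $chain = '{0} > {1}' -f $node.Chain, $r.DisplayName
            [PSCustomObject]@{
                DisplayName       = $r.DisplayName
                UserPrincipalName = $r.UserPrincipalName
                ObjectId          = $r.ObjectId
                Chain             = $chain
            }
            $stack.Push([PSCustomObject]@{ User = $r; Chain = $chain })
        }
    }
}

# Constructed sample data mirroring the tree in the question (not directory output).
$u = @{}
'Bob','Chad','Dean','Eason','Frank','George','Harris' | ForEach-Object {
    $u[$_] = [PSCustomObject]@{
        ObjectId = "id-$_"; DisplayName = $_; UserPrincipalName = ('{0}@example.com' -f $_)
    }
}
$tree = @{
    'id-Bob'    = $u.Chad, $u.Dean, $u.Eason
    'id-Chad'   = $u.Frank
    'id-Eason'  = $u.George
    'id-George' = $u.Harris
    'id-Harris' = $u.Bob          # constructed loop to exercise the guard
}
Get-OrgChain -Root $u.Bob -GetReports { param($id) $tree[$id] } |
    Select-Object DisplayName, Chain
```

Against a tenant, drop -GetReports and pass the object returned by Get-AzureADUser as -Root; the UserPrincipalName column can then be compared with the DL's current membership.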