PowerShell recursive direct reports ADSI

Question

I am trying to get a list of everyone under a manager (span of control if you will). I have the code that works with the Active Directory module, but i am not able to figure out how to do it with ADSI.

I have tried using this code to start:

Function GetManager($Manager, $Report)
{
    # Output this manager and direct report.
    """$Manager"",""$Report""" | Out-File -FilePath $File -Append

    # Find the manager of this manager.
    $User = [ADSI]"LDAP://$Manager"
    $NextManager = $User.manager
    If ($NextManager -ne $Null)
    {
        # Check for circular hierarchy.
        If ($NextManager -eq $Report) {"Circular hierarchy found with $Report"}
        Else
        {
            GetManager $NextManager $Report
        }
    }
}

$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Domain = [ADSI]"LDAP://$D"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 200
$Searcher.SearchScope = "subtree"
$Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
$Searcher.PropertiesToLoad.Add("manager") > $Null
$Searcher.SearchRoot = "LDAP://" + $Domain.distinguishedName

$File = ".\ADOrganization.csv"
"Organization: $D"  | Out-File -FilePath $File
"Manager,Direct Report" | Out-File -FilePath $File -Append

# Find all direct reports, objects with a manager.
$Filter = "(manager=*)"

# Run the query.
$Searcher.Filter = $Filter

$Results = $Searcher.FindAll()

ForEach ($Result In $Results)
{
    $ReportDN = $Result.Properties.Item("distinguishedName")
    $ManagerDN = $Result.Properties.Item("manager")
    GetManager $ManagerDN $ReportDN
}

This is from the article here https://social.technet.microsoft.com/Forums/windows/en-US/7bc3d133-e2b3-4904-98dd-b33993db628a/recursively-select-all-subordinates-for-all-users-from-ad?forum=winserverpowershell. I am sure this works, but i can't figure out how to have it search for a specified manager. Can anyone push me in the right direction? Thanks!

I believe you are trying to load the AD property known as 'managedBy'. Try using adsiedit.msc on your domain controller and looking at the contents of a user to see the ldap properties a values. — Ty Savercool, Jul 18 '17 at 15:09
You said you have working code that uses the PowerShell cmdlets - why do you need alternate code that uses only the `[ADSI]` type accelerator? — Bill_Stewart, Jul 18 '17 at 15:12
I might not have worded that correctly. What i want to do is specify a manager in a variable and have the function search for them. I am wanting to use ADSI so people do not have to install the RSAT tools to run my script. — Travis M, Jul 18 '17 at 15:13
If not already in use, I would indeed consider to use the [managedBy](https://msdn.microsoft.com/en-us/library/ms676857(v=vs.85).aspx) attribute instead, knowing that every user object also has attribute called [managedObjects](https://msdn.microsoft.com/en-us/library/ms676858(v=vs.85).aspx) that links to all the managedBy user objects. This might save you some coding... — iRon, Jul 19 '17 at 07:01

iRon · Accepted Answer · 2017-07-19T08:30:13.247

0

$Filter = "(manager=<ManagerDN>)"

Or more specific:

$Filter = "(manager=CN=<ManagerCN>,OU=<ManagerOU>,$($Domain.distinguishedName))"

edited Jul 19 '17 at 08:30

answered Jul 19 '17 at 07:59

iRon

20,463
10
53
79

This will get all of the direct reports recursively for the manager that i specify, correct? – Travis M Jul 19 '17 at 12:44
The question doesn't exactly complete the purpose of the the script as the script expects a user as input and you want to filter on manager. But yes, all users with a specific (direct) manager are enumerated and the output will contain all the (recursive) managers of those users. – iRon Jul 19 '17 at 12:52

PowerShell recursive direct reports ADSI

1 Answers1