Solved Powershell: Manager Report with Direct Reports
-
In need of some assistance to expand this report that I found that is "close" to what I need to have. Would like some assistance in understanding what I have here and how to get to the end product.
Would like to pull all the Direct Reports for a manager - and all those to report to any of those members (Manager tree) and list out AD attributes.
function Get-AllReports { param( [string]$Manager ) $DirectReports = Get-ADUser -Filter {manager -eq $Manager} if($DirectReports){ Write-Output $DirectReports $DirectReports | ForEach-Object { Get-AllReports -Manager $_.DistinguishedName } } } $Manager = Read-host -Prompt 'Enter Managers Name' Write-Host "" $ManagerName = $Manager Get-AllReports -Manager $ManagerName | export-csv $home\_Results\$Manager.csvAdditional items that are needed:
Manager Name
Manager Job Title
Member of VPN groupAs the script is above - I get the following CSV file:
"DistinguishedName; Enabled; GivenName; Name; ObjectClass; ObjectGUID; SamAccountName; SID; Surname; UserPrincipalName"
Not really need DistinguishedName; ObjectGUID or SID, would like to drop those if possible - if not, it's not a bit deal as it can be hidden in the report. But need to add the fields above for auditing.
This isn't my code - just added export and manager query so it can be used without re-editing the thing everytime.
-
G gjacobse marked this topic as a question on
-
@gjacobse said in Powershell: Manager Report with Direct Reports:
In need of some assistance to expand this report that I found that is "close" to what I need to have. Would like some assistance in understanding what I have here and how to get to the end product.
Would like to pull all the Direct Reports for a manager - and all those to report to any of those members (Manager tree) and list out AD attributes.
function Get-AllReports { param( [string]$Manager ) $DirectReports = Get-ADUser -Filter {manager -eq $Manager} if($DirectReports){ Write-Output $DirectReports $DirectReports | ForEach-Object { Get-AllReports -Manager $_.DistinguishedName } } } $Manager = Read-host -Prompt 'Enter Managers Name' Write-Host "" $ManagerName = $Manager Get-AllReports -Manager $ManagerName | export-csv $home\_Results\$Manager.csvAdditional items that are needed:
Manager Name
Manager Job Title
Member of VPN groupAs the script is above - I get the following CSV file:
"DistinguishedName; Enabled; GivenName; Name; ObjectClass; ObjectGUID; SamAccountName; SID; Surname; UserPrincipalName"
Not really need DistinguishedName; ObjectGUID or SID, would like to drop those if possible - if not, it's not a bit deal as it can be hidden in the report. But need to add the fields above for auditing.
This isn't my code - just added export and manager query so it can be used without re-editing the thing everytime.
(Chatgpt used) :
To refine your PowerShell script according to your requirements, you'll need to modify it to include additional attributes (Manager Name, Manager Job Title, and VPN group membership) and exclude certain attributes (DistinguishedName, ObjectGUID, SID) from the final CSV report. Here's a guide on how to achieve this:
Expanding the Script Functionality
-
Modify the Function to Include Additional Attributes: Update the function to retrieve and display the Manager's Name, Job Title, and whether the user is a member of a specific VPN group.
-
Filter Out Unwanted Attributes: When exporting to CSV, select only the attributes you need.
-
Checking Group Membership: To check if a user is a member of the VPN group, you can use the
Get-ADPrincipalGroupMembershipcmdlet and filter for the VPN group.
Here's an updated version of your script with these considerations:
function Get-AllReports { param( [string]$Manager ) $DirectReports = Get-ADUser -Filter {manager -eq $Manager} -Properties Title, Manager, MemberOf if($DirectReports) { $DirectReports | ForEach-Object { $ManagerInfo = Get-ADUser -Identity $_.Manager -Properties Title $IsMemberOfVpnGroup = $_.MemberOf -contains "CN=VPNGroup,OU=Groups,DC=YourDomain,DC=com" [PSCustomObject]@{ Name = $_.Name JobTitle = $_.Title ManagerName = $ManagerInfo.Name ManagerJobTitle = $ManagerInfo.Title MemberOfVpnGroup = $IsMemberOfVpnGroup } | Write-Output Get-AllReports -Manager $_.DistinguishedName } } } $Manager = Read-Host -Prompt 'Enter Managers Name' Write-Host "" $ManagerName = $Manager Get-AllReports -Manager $ManagerName | Export-Csv "$home\_Results\$Manager.csv" -NoTypeInformationKey Changes:
-
Added Attributes: The script now fetches
Title,Manager, andMemberOfproperties for each user. -
Manager Information: Retrieves the manager's name and job title using
Get-ADUseron theManagerattribute. -
VPN Group Membership: The
$IsMemberOfVpnGroupvariable checks if theMemberOfattribute contains the distinguished name of your VPN group. Adjust the group's distinguished name (CN=VPNGroup,OU=Groups,DC=YourDomain,DC=com) to match your actual VPN group's DN. -
Output Object: A custom PSObject is created for each user, containing only the desired information.
-
CSV Export: The final command pipes the collected data into
Export-Csv, excluding type information with-NoTypeInformation.
Ensure you replace
"CN=VPNGroup,OU=Groups,DC=YourDomain,DC=com"with the actual distinguished name of your VPN group. Also, adjust attribute names and paths according to your Active Directory schema if necessary. -
-
I forget about chatGPT being able to do things like this and will need to look at getting started with it someday.
Copied it over and was about to start making additional when I realized that it didn't copy everything the first time - glad I paid attention.
Using the COPY option, got it over to the work computer and started it. I am getting three errors, and when I review it, it doesn't make sense.
"Missing closing "}" in three places. which with the copy, doesn't make sense.
Still reviewing
I appreciate your assistance on this.
-
@gjacobse said in Powershell: Manager Report with Direct Reports:
I forget about chatGPT being able to do things like this and will need to look at getting started with it someday.
Copied it over and was about to start making additional when I realized that it didn't copy everything the first time - glad I paid attention.
Using the COPY option, got it over to the work computer and started it. I am getting three errors, and when I review it, it doesn't make sense.
"Missing closing "}" in three places. which with the copy, doesn't make sense.
Still reviewing
I appreciate your assistance on this.
Stared at it long enough -
Found that it managed to copy a section twice (?)... Cleard it out and recopied it and seems to be fine. running to see what the results are.
-
Some minor changes made to the details. This is the current version and I hope that is the final. I have not heard back from the requester as of yet:
function Get-AllReports { param( [string]$Manager ) $DirectReports = Get-ADUser -Filter {manager -eq $Manager} -Properties AccountExpirationDate, Title, Manager, Enabled, SAMAccountName, MemberOf if($DirectReports) { $DirectReports | ForEach-Object { $ManagerInfo = Get-ADUser -Identity $_.Manager -Properties Title if ($_.MemberOf -like "*vpn*") { $VpnGroup = "" foreach ($group in $_.MemberOf) { if ($group -like "*vpn*") { if ($VpnGroup -ne "") { $VpnGroup += " $((Get-ADGroup $group).Name)" } else { #$VpnGroup = $group $VpnGroup = (Get-ADGroup $group).Name } } } #$IsMemberOfVpnGroup = $true } else { #$IsMemberOfVpnGroup = $false } [PSCustomObject]@{ Name = $_.Name AccountExpirationDate = $_.AccountExpirationDate JobTitle = $_.Title ManagerName = $ManagerInfo.Name ManagerJobTitle = $ManagerInfo.Title # MemberOfVpnGroup = $IsMemberOfVpnGroup VpnGroup = $VpnGroup } | Write-Output Get-AllReports -Manager $_.DistinguishedName } } } $Manager = Read-Host -Prompt 'Enter Managers Name' Write-Host "" $ManagerName = $Manager Get-AllReports -Manager $ManagerName | Export-Csv "$home\_Results\$Manager.csv" -NoTypeInformation -
G gjacobse has marked this topic as solved on
-
@gjacobse You should consider publishing this and others (sanitizing of course) to GitLab or GitHub. It can serve as a reference for you as well as a bit of a portfolio. I know for a fact my GitLab stuff had a positive effect with helping me land my current gig.
