@gjacobse said in Powershell: Manager Report with Direct Reports:
In need of some assistance to expand this report that I found that is "close" to what I need to have. Would like some assistance in understanding what I have here and how to get to the end product.
Would like to pull all the Direct Reports for a manager - and all those to report to any of those members (Manager tree) and list out AD attributes.
function Get-AllReports {
param(
[string]$Manager
)
$DirectReports = Get-ADUser -Filter {manager -eq $Manager}
if($DirectReports){
Write-Output $DirectReports
$DirectReports | ForEach-Object {
Get-AllReports -Manager $_.DistinguishedName
}
}
}
$Manager = Read-host -Prompt 'Enter Managers Name'
Write-Host ""
$ManagerName = $Manager
Get-AllReports -Manager $ManagerName | export-csv $home\_Results\$Manager.csv
Additional items that are needed:
Manager Name
Manager Job Title
Member of VPN group
As the script is above - I get the following CSV file:
"DistinguishedName; Enabled; GivenName; Name; ObjectClass; ObjectGUID; SamAccountName; SID; Surname; UserPrincipalName"
Not really need DistinguishedName; ObjectGUID or SID, would like to drop those if possible - if not, it's not a bit deal as it can be hidden in the report. But need to add the fields above for auditing.
This isn't my code - just added export and manager query so it can be used without re-editing the thing everytime.
(Chatgpt used) :
To refine your PowerShell script according to your requirements, you'll need to modify it to include additional attributes (Manager Name, Manager Job Title, and VPN group membership) and exclude certain attributes (DistinguishedName, ObjectGUID, SID) from the final CSV report. Here's a guide on how to achieve this:
Expanding the Script Functionality
-
Modify the Function to Include Additional Attributes: Update the function to retrieve and display the Manager's Name, Job Title, and whether the user is a member of a specific VPN group.
-
Filter Out Unwanted Attributes: When exporting to CSV, select only the attributes you need.
-
Checking Group Membership: To check if a user is a member of the VPN group, you can use the Get-ADPrincipalGroupMembership
cmdlet and filter for the VPN group.
Here's an updated version of your script with these considerations:
function Get-AllReports {
param(
[string]$Manager
)
$DirectReports = Get-ADUser -Filter {manager -eq $Manager} -Properties Title, Manager, MemberOf
if($DirectReports) {
$DirectReports | ForEach-Object {
$ManagerInfo = Get-ADUser -Identity $_.Manager -Properties Title
$IsMemberOfVpnGroup = $_.MemberOf -contains "CN=VPNGroup,OU=Groups,DC=YourDomain,DC=com"
[PSCustomObject]@{
Name = $_.Name
JobTitle = $_.Title
ManagerName = $ManagerInfo.Name
ManagerJobTitle = $ManagerInfo.Title
MemberOfVpnGroup = $IsMemberOfVpnGroup
} | Write-Output
Get-AllReports -Manager $_.DistinguishedName
}
}
}
$Manager = Read-Host -Prompt 'Enter Managers Name'
Write-Host ""
$ManagerName = $Manager
Get-AllReports -Manager $ManagerName | Export-Csv "$home\_Results\$Manager.csv" -NoTypeInformation
Key Changes:
-
Added Attributes: The script now fetches Title
, Manager
, and MemberOf
properties for each user.
-
Manager Information: Retrieves the manager's name and job title using Get-ADUser
on the Manager
attribute.
-
VPN Group Membership: The $IsMemberOfVpnGroup
variable checks if the MemberOf
attribute contains the distinguished name of your VPN group. Adjust the group's distinguished name (CN=VPNGroup,OU=Groups,DC=YourDomain,DC=com
) to match your actual VPN group's DN.
-
Output Object: A custom PSObject is created for each user, containing only the desired information.
-
CSV Export: The final command pipes the collected data into Export-Csv
, excluding type information with -NoTypeInformation
.
Ensure you replace "CN=VPNGroup,OU=Groups,DC=YourDomain,DC=com"
with the actual distinguished name of your VPN group. Also, adjust attribute names and paths according to your Active Directory schema if necessary.