?
Solved

Add Manager to Get-ADUser script without the full cn

Posted on 2016-11-18
7
Medium Priority
?
73 Views
Last Modified: 2016-11-29
I had this question after viewing Powershell:  Output displayname of "Manager" attribute when querying Active Directory.

I created the script below which is really great, but I want to only have the manager's name, not the entire CN. (I redacted the actual domain and OU from the searchbase). I could really use some assistance on figuring out where to put the syntax from the above Expert's post in my script below to make it work properly. I've tried several different things and am stumped.

Import-Module Activedirectory
Get-ADUser -Filter * -Properties DisplayName,EmployeeID,mail,Manager,memberof -searchbase 'OU=Users,OU=OU,DC=DOMAIN,DC=local' | % {
  New-Object PSObject -Property @{
      UserName = $_.DisplayName
      EmployeeID = $_.EmployeeID
      Email = $_.mail
      Manager = $_.manager
      Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ","
      }
} | Select UserName,EmployeeID,Email,Manager,Groups

Open in new window

0
Comment
Question by:Intelli-Seeker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 40

Expert Comment

by:footech
ID: 41893853
You can either extract the bit you want from the manager's distinguishedName (string), or if you want other info then you would have to do another Get-ADUser query for the manager.  I've shown a way of extracting a portion of the string below.
Import-Module Activedirectory
Get-ADUser -Filter * -Properties DisplayName,EmployeeID,mail,Manager,memberof -searchbase 'OU=Users,OU=OU,DC=DOMAIN,DC=local' | % {
  New-Object PSObject -Property @{
      UserName = $_.DisplayName
      EmployeeID = $_.EmployeeID
      Email = $_.mail
      Manager = $_.manager -split "CN=|,OU=")[1]
      Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ","
      }
} | Select UserName,EmployeeID,Email,Manager,Groups

Open in new window

1
 

Author Comment

by:Intelli-Seeker
ID: 41895871
I received this error when running the script.

At line:7 char:45
+       Manager = $_.manager -split "CN=|,OU=")[1]
+                                             ~
The hash literal was incomplete.
At line:2 char:131
+ ... ,DC=local' | % {
+                    ~
Missing closing '}' in statement block.
At line:7 char:45
+       Manager = $_.manager -split "CN=|,OU=")[1]
+                                             ~
Unexpected token ')' in expression or statement.
At line:7 char:47
+       Manager = $_.manager -split "CN=|,OU=")[1]
+                                               ~
Missing type name after '['.
At line:9 char:7
+       }
+       ~
Unexpected token '}' in expression or statement.
At line:10 char:1
+ } | Select UserName,EmployeeID,Email,Manager,Groups
+ ~
Unexpected token '}' in expression or statement.
At line:10 char:3
+ } | Select UserName,EmployeeID,Email,Manager,Groups
+   ~
An empty pipe element is not allowed.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : IncompleteHashLiteral
0
 
LVL 40

Accepted Solution

by:
footech earned 2000 total points
ID: 41896325
Sorry, missing parentheses.  Line 7 should be
Manager = ($_.manager -split "CN=|,OU=")[1]

Open in new window

1
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Intelli-Seeker
ID: 41896523
That worked perfect! Another related question - I passed the output on to the person that requested the csv file.  He asked if there was a way to have it list all the groups that a person is in without the commas. In Excel, if a person belongs to multiple groups (which is why we are working on this script) it will show the groups in one column separated by commas. Is there a way to separate the groups into rows in the csv using powershell without manipulating the file after the fact?  It could look something similar to what I have in the screenshot. Can the groups be separated into rows rather than by commas in the same column without manipulating it in Excel?
0
 

Author Closing Comment

by:Intelli-Seeker
ID: 41906096
This was a great solution to add a manager to an existing script. Thanks for your assistance.
0
 
LVL 40

Expert Comment

by:footech
ID: 41906202
Sorry, I forgot about the prior comment.
You can't really make a .CSV like in your screenshot because then it's not really a .CSV.  In a .CSV, each row should have complete information.  However, bending the rules a little bit to make things more easily viewable in Excel, here's a couple options:
 1) change the join character for the groups to a newline - "`n" (it's like using Alt-Enter in a cell).
 2) another way I've seen this handled is to duplicate the info in the other fields and have each group be its own row.
Import-Module Activedirectory
Get-ADUser -Filter * -Properties DisplayName,EmployeeID,mail,Manager,memberof -searchbase 'OU=Users,OU=OU,DC=DOMAIN,DC=local' | % {
    $user = $_
    $user.memberof | Get-ADGroup | Select -ExpandProperty Name | % {
        New-Object PSObject -Property @{
            UserName = $user.DisplayName
            EmployeeID = $user.EmployeeID
            Email = $user.mail
            Manager = ($user.manager -split "CN=|,OU=")[1]
            Groups = $_
            }
    }
} | Select UserName,EmployeeID,Email,Manager,Groups

Open in new window


I'm sure you could also do it like in your screen shot, but it'd be a bit more complex.
1
 

Author Comment

by:Intelli-Seeker
ID: 41906332
That worked exactly the way I wanted it to. Thanks!
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question