Manager SID in PowerShell

Hi All,

I have written this PowerShell script and I need the manager SID instead of the name. How do I do this?

get-aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, objectSid, manager, extensionAttribute2,extentionAttribute4, extentionAttribute5, extentionAttribute6, extentionAttribute7 | format-table -list


Kelly Garcia, Senior Systems Administrator, asked:

Kelly Garcia, Senior Systems Administrator (Author), commented:
Can it be done via hash tables like this?

get-aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, @{"MangerSID"="$manager=(get-aduser $_ -Properties *).manager.split(",")[0].split("=")[1]"} | format-table -list


0
oBdA commented:
Not quite. A calculated expression must have two keys, "Name" and "Expression" (or "n" and "e"), where Name is obvious and Expression is a scriptblock that outputs the value.
In this case:
@{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}}


You should only retrieve the properties from AD that you actually use, not *, and Format-Table doesn't have a "-List" argument (at least not until PS 5.1).
Try it like this:
Get-ADUser -Filter {Enabled -eq $true} -Properties EmailAddress, GivenName |
	Select-Object EmailAddress, GivenName, @{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}} |
	Format-Table


0
Kelly Garcia, Senior Systems Administrator (Author), commented:
I am getting this error:

select : The property cannot be processed because the property "objectSid"
already exists.
At line:1 char:56
+ ... perties * | select EmailAddress, GivenName, surname, objectSid, Emplo ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (CN=AD Service,O...ecurie,DC=l
   ocal:PSObject) [Select-Object], PSArgumentException
    + FullyQualifiedErrorId : AlreadyExistingUserSpecifiedPropertyNoExpand,Mic
   rosoft.PowerShell.Commands.SelectObjectCommand

This is the code:

get-aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, objectSid, @{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}}, extensionAttribute2,extentionAttribute4, extentionAttribute5, extentionAttribute6, extentionAttribute7 | format-list


0

Kelly Garcia, Senior Systems Administrator (Author), commented:
I've tried testing it without the objectSid in the code; however, I can't see the manager SID.
0
oBdA commented:
You have objectSid twice in your property list; remove the second instance.
Your extensionAttributes 4, 5, 6, 7 are written incorrectly.
Displays the managerSid just fine here.
Get-Aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, @{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7


0
Ben Personick (Previously QCubed), Lead Network Engineer, commented:
This should do the trick:

get-aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {get-aduser $($_.Manager) -properties objectSid | Select objectSid}}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7
 



Just get their manager and the manager sid:

get-aduser -filter {Enabled -eq $true} -properties manager | select GivenName, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {get-aduser $($_.Manager) -properties objectSid | Select objectSid}}}
 


0
Kelly Garcia, Senior Systems Administrator (Author), commented:
I've written this code:

$allusers= @()

foreach ($u in $(get-aduser -filter {Enabled -eq $true} -properties *)){


$Object = New-Object PSObject -Property @{

EmailAddress=$u.emailaddress
GivenName = $u.GivenName
Surname=$u.Surname
EmployeeNumber=$u.EmployeeNumber
Enabled=$u.enabled
Title=$u.Title
office=$u.office
employeeType=$u.employeeType
Division=$u.Division
Department=$u.Department
UserSid=$u.objectSid
extensionAttribute2=$u.extensionAttribute2
extensionAttribute4=$u.extensionAttribute4
extensionAttribute5=$u.extensionAttribute5
extensionAttribute6=$u.extensionAttribute6
extensionAttribute7=$u.extensionAttribute7
mangersid = (Get-ADUser -Identity $u.manager).sid.value


}

$allusers += $Object


}


$allusers | Export-Csv Users_1.csv



However, it fails; it says:

Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is
null. Provide a valid value for the argument, and then try running the command
again.
At line:19 char:35
+ mangersid = (Get-ADUser -Identity $u.manager).sid.value
+                                   ~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingV
   alidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.Activ
   eDirectory.Management.Commands.GetADUser
0
Kelly Garcia, Senior Systems Administrator (Author), commented:
It's because $u.manager gives me this value:

PS G:\> $u.manager
CN=Alice Cameron,OU=Users,OU=Links Place,OU=Windows 7 Project,DC=mcc,DC=mce,DC=local
0
Ben Personick (Previously QCubed), Lead Network Engineer, commented:
Hello Kay,

The code I shared above handles the null values for manager.

Essentially, if no manager is found you need to change the value to "N/A".
0
Kelly Garcia, Senior Systems Administrator (Author), commented:
Thank you, I am just trying it now.
0
Ben Personick (Previously QCubed), Lead Network Engineer, commented:
IE:

get-aduser -filter {
     Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{
        Name="MangerSID";Expression={
            if (-not $_.manager) { "N/A"
        } else {
            get-aduser $($_.Manager) -properties objectSid | Select objectSid
        }
    }
}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7



Same code without line-breaks:

get-aduser -filter { Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {get-aduser $($_.Manager) -properties objectSid | Select objectSid}}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7


0
Kelly Garcia, Senior Systems Administrator (Author), commented:
On the CSV the managersid puts an @....
0
Ben Personick (Previously QCubed), Lead Network Engineer, commented:
Also note:

Using the above will return an object (@), so a slight modification:

get-aduser -filter { Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {$(get-aduser $($_.Manager) -properties objectSid | Select objectSid).objectSid}}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7


0
Ben Personick (Previously QCubed), Lead Network Engineer, commented:
All together:

$CSVFile="Users_1.csv"

$Results=get-aduser -filter { Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {$(get-aduser $($_.Manager) -properties objectSid | Select objectSid).objectSid}}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7

$Results | Export-Csv $CSVFile


0
Kelly Garcia, Senior Systems Administrator (Author), commented:
Thank you, I've used -ExpandProperty, which did the trick.
1
Ben Personick (Previously QCubed), Lead Network Engineer, commented:
That's another way of handling it, yup; I prefer to pick the object property.

Also, I re-did your code to have the exclusion, if you prefer that.

However, note that using foreach is going to be slower, and the example code without the foreach should do the needful.

$allusers= @()
$CSVFile="Users_1.csv"

foreach ($u in $(get-aduser -filter {Enabled -eq $true} -properties *)){
	$Object = New-Object PSObject -Property @{
		EmailAddress=$u.emailaddress
		GivenName = $u.GivenName
		Surname=$u.Surname
		EmployeeNumber=$u.EmployeeNumber
		Enabled=$u.enabled
		Title=$u.Title
		office=$u.office
		employeeType=$u.employeeType
		Division=$u.Division
		Department=$u.Department
		UserSid=$u.objectSid
		extensionAttribute2=$u.extensionAttribute2
		extensionAttribute4=$u.extensionAttribute4
		extensionAttribute5=$u.extensionAttribute5
		extensionAttribute6=$u.extensionAttribute6
		extensionAttribute7=$u.extensionAttribute7
		mangersid = $(if (-not $u.manager) { "N/A"} else { $((Get-ADUser -Identity $u.manager -properties objectsid).objectsid)})
	}
	$allusers += $Object
}

$allusers | Export-Csv $CSVFile


0
oBdA commented:
You're gaining absolutely nothing by rolling it out this way, except complicating things.
Your script at https:#a42492914 first has to hold each and every enabled AD user in memory, plus one custom object for each and every enabled AD user.
It's called PowerShell for a reason: let the pipeline do the work, instead of collecting everything in variables. Do yourself a favor and stop thinking in VB script.
You can directly pipe the output of Select-Object to Export-Csv. Saves time and memory, because there'll basically only be two objects in the pipeline at a time.
The properties can be rolled out over several lines, or they could just remain in a single line. Single line is better for pasting it into the console, this is better when used as a script.
Using calculated properties saves you the trouble of the Get-ADUser error handling if no manager is present, because the error will be suppressed, and the property will just be empty (exactly the same way the Manager property is empty in the first place).
Get-ADUser -filter {Enabled -eq $true} -properties * | 
	Select-Object -Property EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, @{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7 |
	Export-Csv -NoTypeInformation -Path Users_1.csv


Get-ADUser -filter {Enabled -eq $true} -properties * | 
	Select-Object -Property `
		EmailAddress,
		GivenName,
		surname,
		objectSid,
		EmployeeNumber,
		enabled,
		Title,
		office,
		employeeType,
		Division,
		Department,
		@{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}},
		extensionAttribute2,
		extensionAttribute4,
		extensionAttribute5,
		extensionAttribute6,
		extensionAttribute7 |
	Export-Csv -NoTypeInformation -Path Users_1.csv


1
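
Added example, not part of any post in this thread and not the posters' code: every variant above calls Get-ADUser once per user to resolve the manager, so this sketch builds a distinguished-name-to-SID table from the one result set and resolves managers from it, covering users with no manager and managers missing from the set. The function name Add-ManagerSid, the -Fallback parameter, the 'UNRESOLVED' marker and the sample objects are all hypothetical and constructed for illustration.

```powershell
# Added example (hypothetical names); the sample objects stand in for Get-ADUser output.
function Add-ManagerSid {
    [CmdletBinding()]
    param(
        # Objects exposing DistinguishedName, SID, GivenName and Manager
        [Parameter(Mandatory)] [object[]] $Users,
        # Optional lookup for managers that are not in $Users (e.g. disabled accounts),
        # for instance: { param($dn) (Get-ADUser -Identity $dn).SID.Value }
        [scriptblock] $Fallback
    )

    # DN -> SID string map, built once. PowerShell hashtable keys are
    # case-insensitive, which suits distinguished names.
    $sidByDn = @{}
    foreach ($u in $Users) {
        $sidByDn[[string]$u.DistinguishedName] = [string]$u.SID
    }

    foreach ($u in $Users) {
        $managerSid = ''                      # stays empty when no manager is set
        if ($u.Manager) {
            $dn = [string]$u.Manager
            $managerSid = $sidByDn[$dn]
            if (-not $managerSid -and $Fallback) {
                $managerSid = [string](& $Fallback $dn)
            }
            if (-not $managerSid) { $managerSid = 'UNRESOLVED' }
        }
        [pscustomobject]@{
            GivenName  = $u.GivenName
            UserSid    = [string]$u.SID       # cast so the CSV holds S-1-5-... text
            Manager    = $u.Manager
            ManagerSid = $managerSid
        }
    }
}

# Constructed sample data; in AD this would come from something like
#   Get-ADUser -Filter 'Enabled -eq $true' -Properties Manager
$sample = @(
    [pscustomobject]@{ GivenName = 'Alice'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-1104'
        DistinguishedName = 'CN=Alice Example,OU=Users,DC=example,DC=local'; Manager = $null }
    [pscustomobject]@{ GivenName = 'Bob'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
        DistinguishedName = 'CN=Bob Example,OU=Users,DC=example,DC=local'
        Manager = 'CN=Alice Example,OU=Users,DC=example,DC=local' }
    [pscustomobject]@{ GivenName = 'Carol'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-1106'
        DistinguishedName = 'CN=Carol Example,OU=Users,DC=example,DC=local'
        Manager = 'CN=Dan Disabled,OU=Users,DC=example,DC=local' }
)

Add-ManagerSid -Users $sample | ConvertTo-Csv -NoTypeInformation
```

Unlike the pipeline version, this holds the whole user set in memory to build the table, trading memory for one directory query instead of one per user.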

Ben Personick (Previously QCubed), Lead Network Engineer, commented:
Glad to help :)
0