Manager SID in PowerShell

Hi All,

I have written this PowerShell script and I need the manager SID instead of the name. How do I do this?

get-aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, objectSid, manager, extensionAttribute2,extentionAttribute4, extentionAttribute5, extentionAttribute6, extentionAttribute7 | format-table -list

Kelly Garcia, Senior Systems Administrator, Asked:
 
oBdA Commented:
You're gaining absolutely nothing by rolling it out this way, except complicating things.
Your script at https:#a42492914 first has to hold each and every enabled AD user in memory, plus one custom object for each and every enabled AD user.
It's called PowerShell for a reason: let the pipeline do the work, instead of collecting everything in variables. Do yourself a favor and stop thinking in VB script.
You can directly pipe the output of Select-Object to Export-Csv. Saves time and memory, because there'll basically only be two objects in the pipeline at a time.
The properties can be rolled out over several lines, or they could just remain in a single line. Single line is better for pasting it into the console, this is better when used as a script.
Using calculated properties saves you the trouble of the Get-ADUser error handling if no manager is present, because the error will be suppressed, and the property will just be empty (exactly the same way the Manager property is empty in the first place).
Get-ADUser -filter {Enabled -eq $true} -properties * | 
	Select-Object -Property EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, @{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7 |
	Export-Csv -NoTypeInformation -Path Users_1.csv

Get-ADUser -filter {Enabled -eq $true} -properties * | 
	Select-Object -Property `
		EmailAddress,
		GivenName,
		surname,
		objectSid,
		EmployeeNumber,
		enabled,
		Title,
		office,
		employeeType,
		Division,
		Department,
		@{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}},
		extensionAttribute2,
		extensionAttribute4,
		extensionAttribute5,
		extensionAttribute6,
		extensionAttribute7 |
	Export-Csv -NoTypeInformation -Path Users_1.csv

1
 
Kelly Garcia, Senior Systems Administrator, Author Commented:
Can it be done via hash tables like this?

get-aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, @{"MangerSID"="$manager=(get-aduser $_ -Properties *).manager.split(",")[0].split("=")[1]"} | format-table -list

0
 
oBdA Commented:
Not quite. A calculated expression must have two keys, "Name" and "Expression" (or "n" and "e"), where Name is obvious and Expression is a scriptblock that outputs the value.
In this case:
@{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}}

You should only retrieve the properties from AD that you actually use, not *, and Format-Table doesn't have a "-List" argument (at least not until PS 5.1).
Try it like this:
Get-ADUser -Filter {Enabled -eq $true} -Properties EmailAddress, GivenName, Manager |
	Select-Object EmailAddress, GivenName, @{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}} |
	Format-Table

0
 
Kelly Garcia, Senior Systems Administrator, Author Commented:
I am getting this error:

select : The property cannot be processed because the property "objectSid"
already exists.
At line:1 char:56
+ ... perties * | select EmailAddress, GivenName, surname, objectSid, Emplo ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (CN=AD Service,O...ecurie,DC=l
   ocal:PSObject) [Select-Object], PSArgumentException
    + FullyQualifiedErrorId : AlreadyExistingUserSpecifiedPropertyNoExpand,Mic
   rosoft.PowerShell.Commands.SelectObjectCommand

This is the code:

get-aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, objectSid, @{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}}, extensionAttribute2,extentionAttribute4, extentionAttribute5, extentionAttribute6, extentionAttribute7 | format-list

0
 
Kelly Garcia, Senior Systems Administrator, Author Commented:
I've tried testing it without the objectSid in the code; however, I can't see the manager SID.
0
 
oBdA Commented:
You have objectSid twice in your property list; remove the second instance.
Your extensionAttributes 4, 5, 6, 7 are written incorrectly.
Displays the managerSid just fine here.
Get-Aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, @{n='managerSid'; e={(Get-ADUser -Identity $_.manager).SID}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7

0
 
Ben Personick (Previously QCubed), Lead Network Engineer, Commented:
This should do the trick:

get-aduser -filter {Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {get-aduser $($_.Manager) -properties objectSid | Select objectSid}}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7
 


Just get their manager and the manager sid:

get-aduser -filter {Enabled -eq $true} -properties manager | select GivenName, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {get-aduser $($_.Manager) -properties objectSid | Select objectSid}}}
 

0
 
Kelly Garcia, Senior Systems Administrator, Author Commented:
I've written this code:

$allusers= @()

foreach ($u in $(get-aduser -filter {Enabled -eq $true} -properties *)){


$Object = New-Object PSObject -Property @{

EmailAddress=$u.emailaddress
GivenName = $u.GivenName
Surname=$u.Surname
EmployeeNumber=$u.EmployeeNumber
Enabled=$u.enabled
Title=$u.Title
office=$u.office
employeeType=$u.employeeType
Division=$u.Division
Department=$u.Department
UserSid=$u.objectSid
extensionAttribute2=$u.extensionAttribute2
extensionAttribute4=$u.extensionAttribute4
extensionAttribute5=$u.extensionAttribute5
extensionAttribute6=$u.extensionAttribute6
extensionAttribute7=$u.extensionAttribute7
mangersid = (Get-ADUser -Identity $u.manager).sid.value


}

$allusers += $Object


}


$allusers | Export-Csv Users_1.csv

However, it fails; it says:

Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is
null. Provide a valid value for the argument, and then try running the command
again.
At line:19 char:35
+ mangersid = (Get-ADUser -Identity $u.manager).sid.value
+                                   ~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingV
   alidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.Activ
   eDirectory.Management.Commands.GetADUser
0
 
Kelly Garcia, Senior Systems Administrator, Author Commented:
It's because $u.manager gives me this value:

PS G:\> $u.manager
CN=Alice Cameron,OU=Users,OU=Links Place,OU=Windows 7 Project,DC=mcc,DC=mce,DC=local
0
 
Ben Personick (Previously QCubed), Lead Network Engineer, Commented:
Hello Kay,

The code I shared above handles the Null values for manager.

Essentially, if no manager is found you need to change the value to "N/A".
0
 
Kelly Garcia, Senior Systems Administrator, Author Commented:
Thank you, I am just trying it now.
0
 
Ben Personick (Previously QCubed), Lead Network Engineer, Commented:
IE:

get-aduser -filter {Enabled -eq $true} -properties * |
    select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{
        Name="MangerSID"; Expression={
            if (-not $_.manager) {
                "N/A"
            } else {
                get-aduser $($_.Manager) -properties objectSid | Select objectSid
            }
        }
    }, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7

Same code without line-breaks:

get-aduser -filter { Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {get-aduser $($_.Manager) -properties objectSid | Select objectSid}}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7

0
 
Kelly Garcia, Senior Systems Administrator, Author Commented:
On the CSV, the managersid puts an @....
0
 
Ben Personick (Previously QCubed), Lead Network Engineer, Commented:
Also note:

Using the above will return an object (@), so a slight modification:

get-aduser -filter { Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {$(get-aduser $($_.Manager) -properties objectSid | Select objectSid).objectSid}}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7

0
 
Ben Personick (Previously QCubed), Lead Network Engineer, Commented:
All together:

$CSVFile="Users_1.csv"

$Results=get-aduser -filter { Enabled -eq $true} -properties * | select EmailAddress, GivenName, surname, objectSid, EmployeeNumber, enabled, Title, office, employeeType, Division, Department, manager, @{Name="MangerSID";Expression={if (-not $_.manager) { "N/A"} else {$(get-aduser $($_.Manager) -properties objectSid | Select objectSid).objectSid}}}, extensionAttribute2, extensionAttribute4, extensionAttribute5, extensionAttribute6, extensionAttribute7

$Results | Export-Csv $CSVFile

0
 
Kelly Garcia, Senior Systems Administrator, Author Commented:
Thank you, I've used -ExpandProperty, which did the trick.
1
 
Ben Personick (Previously QCubed), Lead Network Engineer, Commented:
That's another way of handling it, yup; I prefer to pick the object property.

Also, I re-did your code to have the exclusion if you prefer that.

However, note that using foreach is going to be slower, and the example code without the foreach should do the needful.

$allusers= @()
$CSVFile="Users_1.csv"

foreach ($u in $(get-aduser -filter {Enabled -eq $true} -properties *)){
	$Object = New-Object PSObject -Property @{
		EmailAddress=$u.emailaddress
		GivenName = $u.GivenName
		Surname=$u.Surname
		EmployeeNumber=$u.EmployeeNumber
		Enabled=$u.enabled
		Title=$u.Title
		office=$u.office
		employeeType=$u.employeeType
		Division=$u.Division
		Department=$u.Department
		UserSid=$u.objectSid
		extensionAttribute2=$u.extensionAttribute2
		extensionAttribute4=$u.extensionAttribute4
		extensionAttribute5=$u.extensionAttribute5
		extensionAttribute6=$u.extensionAttribute6
		extensionAttribute7=$u.extensionAttribute7
		mangersid = $(if (-not $u.manager) { "N/A"} else { $((Get-ADUser -Identity $u.manager -properties objectsid).objectsid)})
	}
	$allusers += $Object
}

$allusers | Export-Csv $CSVFile

0
 
Ben Personick (Previously QCubed), Lead Network Engineer, Commented:
Glad to help :)
0
Question has a verified solution.
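
An added example, not code from any participant in this thread: the same export done with a single directory query and a DN-to-SID lookup table, so that no Get-ADUser call is made per user and a missing manager yields an empty column instead of an error. The helper name Resolve-ManagerSid and the variable names are assumptions; the extensionAttribute columns from the thread can be appended to both property lists.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Request only the attributes that are exported, plus Manager.
$props = 'EmailAddress', 'EmployeeNumber', 'Title', 'Office', 'employeeType',
         'Division', 'Department', 'Manager'

# Single query; the string filter is evaluated by the AD provider.
$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props

# DN -> SID string lookup built from the same result set (keys are case-insensitive).
$sidByDn = @{}
foreach ($u in $users) { $sidByDn[$u.DistinguishedName] = $u.SID.Value }

# Hypothetical helper: returns the manager's SID string, or $null.
function Resolve-ManagerSid {
    param([string]$ManagerDn)
    if ([string]::IsNullOrEmpty($ManagerDn)) { return $null }   # user has no manager
    if (-not $sidByDn.ContainsKey($ManagerDn)) {
        # Manager is disabled or not a user object: query once, then cache the result.
        try {
            $m = Get-ADObject -Identity $ManagerDn -Properties objectSid -ErrorAction Stop
            $sidByDn[$ManagerDn] = if ($m.objectSid) { $m.objectSid.Value } else { $null }
        } catch {
            $sidByDn[$ManagerDn] = $null
        }
    }
    return $sidByDn[$ManagerDn]
}

$users |
    Select-Object EmailAddress, GivenName, Surname, EmployeeNumber, Enabled, Title,
        Office, employeeType, Division, Department,
        @{n='UserSid';    e={ $_.SID.Value }},
        @{n='ManagerSid'; e={ Resolve-ManagerSid $_.Manager }} |
    Export-Csv -NoTypeInformation -Path Users_1.csv
```

Exporting `.Value` writes each SID as a plain `S-1-5-...` string, which avoids the `@{...}` object text in the CSV discussed above.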
