I was wondering if there is a way to create a "Saved Query" that lists all the "Active" Users that are assigned to a "Disabled" user as their manager.
Right now, I am doing a search where the "Manager" "is (exactly)":
CN=John\20Doe,OU=Disabled\20Users,DC=domain,DC=local
But I have to manually change it each time to the disabled manager's name, each time I want to make changes. That is ok when I remember to do it the exact time I am disabling the manager's user. But if I forget and I want to go back and just confirm I haven't missed anyone, I would love to be able to do a search for all users assigned to ANY disabled managers (also whether or not I have moved the manager to my "Disabled Users" OU, in case I forgot to do that too).
I want to do this within ADUC so that I can just quickly/easily double click the search results one at a time to change the active user's manager to the new manager. I need to do this one at a time, because users could be assigned different managers.
So I am not looking for a search via PowerShell, or how to "mass change" a manager's assigned users to another single manager via PowerShell as both would not be useful in this case.
Current ADUC Saved Query string within Windows Server 2019 Standard:
(&(objectCategory=user)(objectClass=user)(manager=CN=John\20Doe,OU=Disabled\20Users,DC=domain,DC=local))
You can't do exactly what you're looking for in one query, but there is something that you can do for the purpose you need. You can use the directReports attribute, which is a back link for the manager attribute (i.e. directReports will have the users that have this user as the manager).
Using that, you can look for disabled accounts that have any direct reports using this query:
(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)(directReports=*))
Then you can open each found user, go to the Organization tab and look at the list of direct reports, double click on each and change the manager.
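As an added illustration (not part of the answer above, and not a replacement for the ADUC saved query), this sketch evaluates the same two conditions over a constructed sample directory: the bitwise-AND test on userAccountControl and the presence of directReports derived from manager. All names and values are constructed; it shows that the filter matches a disabled manager regardless of OU or of other flag bits, where an equality test on 514 would not.

```python
from collections import defaultdict

ACCOUNTDISABLE = 0x2  # bit tested by userAccountControl:1.2.840.113556.1.4.803:=2

JOHN = "CN=John Doe,OU=Disabled Users,DC=domain,DC=local"
JANE = "CN=Jane Roe,OU=Staff,DC=domain,DC=local"         # disabled but never moved
ANN = "CN=Ann Lee,OU=Staff,DC=domain,DC=local"           # active manager
TOM = "CN=Tom Fox,OU=Disabled Users,DC=domain,DC=local"  # disabled, no reports

# Constructed sample directory: DN -> (userAccountControl, manager DN or None)
SAMPLE = {
    JOHN: (514, None),
    JANE: (66050, None),  # 0x10202: normal account + disabled + password never expires
    ANN: (512, None),
    TOM: (514, None),
    "CN=Bob Ray,OU=Staff,DC=domain,DC=local": (512, JOHN),
    "CN=Cy Orr,OU=Staff,DC=domain,DC=local": (512, JANE),
    "CN=Di Poe,OU=Staff,DC=domain,DC=local": (512, ANN),
}

def bit_and_match(value, mask):
    """Semantics of the bitwise-AND matching rule: every bit in mask must be set."""
    return (value & mask) == mask

def direct_reports(directory):
    """Derive the directReports back link from each entry's manager attribute."""
    reports = defaultdict(list)
    for dn, (_uac, manager) in directory.items():
        if manager:
            reports[manager].append(dn)
    return reports

def disabled_with_reports(directory):
    """Entries the answer's filter selects: disabled AND directReports=*."""
    reports = direct_reports(directory)
    return {dn: sorted(reports[dn])
            for dn, (uac, _mgr) in directory.items()
            if bit_and_match(uac, ACCOUNTDISABLE) and dn in reports}

def equality_514_with_reports(directory):
    """Naive comparison (userAccountControl=514), shown for contrast only."""
    reports = direct_reports(directory)
    return sorted(dn for dn, (uac, _m) in directory.items()
                  if uac == 514 and dn in reports)

if __name__ == "__main__":
    for manager, users in disabled_with_reports(SAMPLE).items():
        print(manager, "->", users)
```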