powershell automation active-directory audit

Pull AD users' manager name and email into an existing PowerShell script


I currently have a script, which I am trying to alter, that pulls usernames, names, emails and managers from AD groups:

    $ou = 'OU=OUoftheADgroups,OU=My,DC=Domain,DC=net'
    Get-ADGroup -Filter * -SearchBase $ou -Properties Description | ForEach-Object {
        $params = @{
            LDAPFilter = '(memberof={0})' -f $_.DistinguishedName
            Properties = 'mail', 'manager'
        }
        foreach($member in Get-ADUser @params) {
            [pscustomobject]@{
                Username       = $member.SamAccountName
                Name           = $member.Name
                Mail           = $member.Mail
                Manager        = $member.Manager
                GroupName      = $_.Name
            }
        }
    } | Export-csv C:\Users\TestUser\Desktop\NameOfMyFile.csv -NoTypeInformation

The problem is that the manager details it pulls are just the manager's distinguishedName, e.g. CN=Manager1,CN=Users,DC=My,DC=Domain,DC=net

I have been looking online and trying to get this working but have been unable to do so.

I have been looking online and managed to find a script which audits single AD groups rather than an OU (found via https://forums.powershell.org/t/getaduser-need-manager-name-and-email-in-results/16471/4):

    $adGroupList = 'BI_FINANCE_FULL','BI_FIN_EXP_FACILITIES_FULL_R1'
    $results = foreach ($group in $adGroupList) {
        Get-ADGroupMember -identity $group -Recursive | 
            Get-ADUser -Properties * | 
                Select-Object @{Name='Group';Expression={$group}},
                       displayname,
                       name,
                       employeeID,
                       Department,
                       title,
                       physicalDeliveryOfficeName,
                       Manager,
                       @{Name='ManagerName';Expression={Get-ADUser -Identity $_.Manager | Select-Object -ExpandProperty DisplayName}},
                       sAMAccountName,
                       givenName,
                       surname,
                       UserPrincipalName
    }

    $results | Export-Csv -Append "C:\temp\GetADGroupMember4.csv" -NoTypeInformation -Encoding UTF8

UPDATE 1

Just ran the script above and the same issue occurs with that as well: the manager's details are supplied, but the ManagerName field is blank and the Manager field is the distinguishedName (same as my script above).

UPDATE 2

I have modified the code as requested (probably done this wrong):

    $ou = 'OU=OUoftheADgroups,OU=My,DC=Domain,DC=net'
    Get-ADGroup -Filter * -SearchBase $ou -Properties Description | ForEach-Object {
       $params = @{
           LDAPFilter = '(memberof={0})' -f $_.DistinguishedName
           Properties = 'mail', 'manager'
       }
       foreach($member in Get-ADUser @params) {
        Manager = (Get-ADuser $member.Manager).DisplayName 
           [pscustomobject]@{
               Username       = $member.SamAccountName
               Name           = $member.Name
               Mail           = $member.Mail
               Manager        = $member.Manager
               GroupName      = $_.Name
           }
       }
    } | Export-csv C:\Users\TestUser\Desktop\NameOfMyFile.csv -NoTypeInformation

When trying to run the code I get the following error:

    Manager : The term 'Manager' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or 
    if a path was included, verify that the path is correct and try again.
    At C:\Users\TestUser\Desktop\Audit.ps1:9 char:5
    +     Manager = (Get-ADuser $member.Manager).DisplayName
    +     ~~~~~~~
        + CategoryInfo          : ObjectNotFound: (Manager:String) [], CommandNotFoundException
        + FullyQualifiedErrorId : CommandNotFoundException

I have tried adding the code Manager = (Get-ADuser $member.Manager).DisplayName to other areas of the code but it still fails.

Update 3

I did try that, but as I tried placing the line of code in different areas I didn't want to post loads of unnecessary code.

Made the change you requested and got this error message:

    Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the 
    command again.
    At C:\Users\TestUser\Desktop\Audit.ps1:13 char:42
    +             Manager        = (Get-ADUser $member.Manager).DisplayName
    +                                          ~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Update 4

The script now works but the manager display name is not being pulled from AD into the CSV:

Manager Name not being displayed in CSV

UPDATE

Seems like it is only pulling one manager from AD and repeating it for all users:



Solution

  • The first code snippet is correct, you just need to query AD to get the manager's Display Name from $member.Manager (the manager's Distinguished Name). Some users might not have a manager assigned so you can simply add a condition that checks if the .Manager attribute is populated. The code would be:

    $ou = 'OU=OUoftheADgroups,OU=My,DC=Domain,DC=net'
    Get-ADGroup -Filter * -SearchBase $ou -Properties Description | ForEach-Object {
        $params = @{
            LDAPFilter = '(memberof={0})' -f $_.DistinguishedName
            Properties = 'mail', 'manager'
        }
    
        foreach ($member in Get-ADUser @params) {
            $manager = if ($member.Manager) {
                (Get-ADUser $member.Manager -Properties DisplayName).DisplayName
            }
            else {
                'No manager assigned in AD'
            }
    
            [pscustomobject]@{
                Username  = $member.SamAccountName
                Name      = $member.Name
                Mail      = $member.Mail
                Manager   = $manager
                GroupName = $_.Name
            }
        }
    } | Export-Csv C:\Users\TestUser\Desktop\NameOfMyFile.csv -NoTypeInformation
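
A variant of the code above, added here as an example and not part of the original answer: it also returns the manager's email (which the question title asks for), queries each manager only once, and escapes the group DN before placing it in the LDAP filter. The function names `ConvertTo-LdapFilterValue` and `Resolve-Manager` and the extra CSV columns are assumptions introduced for illustration.

```powershell
Import-Module ActiveDirectory

$ou      = 'OU=OUoftheADgroups,OU=My,DC=Domain,DC=net'   # value from the question
$outFile = 'C:\Users\TestUser\Desktop\NameOfMyFile.csv'  # value from the question

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515),
# so a group DN containing \ * ( ) cannot break or alter the filter.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# Manager DN -> resolved manager object, so each manager is queried only once.
$managerCache = @{}

# Hypothetical helper: returns the manager's user object, or $null.
function Resolve-Manager {
    param([string]$DistinguishedName)
    if ([string]::IsNullOrEmpty($DistinguishedName)) { return $null }
    if (-not $managerCache.ContainsKey($DistinguishedName)) {
        try {
            $managerCache[$DistinguishedName] =
                Get-ADUser -Identity $DistinguishedName -Properties DisplayName, mail -ErrorAction Stop
        }
        catch {
            # Manager DN is stale, unreadable, or not a user object: cache the miss too.
            $managerCache[$DistinguishedName] = $null
        }
    }
    $managerCache[$DistinguishedName]
}

Get-ADGroup -Filter * -SearchBase $ou | ForEach-Object {
    $group  = $_
    $filter = '(memberOf={0})' -f (ConvertTo-LdapFilterValue $group.DistinguishedName)

    foreach ($member in Get-ADUser -LDAPFilter $filter -Properties mail, manager) {
        $manager = Resolve-Manager $member.Manager
        [pscustomobject]@{
            Username    = $member.SamAccountName
            Name        = $member.Name
            Mail        = $member.Mail
            ManagerName = if ($manager) { $manager.DisplayName }
                          elseif ($member.Manager) { 'Manager lookup failed' }
                          else { 'No manager assigned in AD' }
            ManagerMail = if ($manager) { $manager.mail } else { '' }
            ManagerDN   = $member.Manager   # kept so unresolved entries can be traced
            GroupName   = $group.Name
        }
    }
} | Export-Csv $outFile -NoTypeInformation -Encoding UTF8
```

The `memberOf` filter matches direct members only, so users who belong to a group through a nested group are not listed for that group.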