DirectorySearcher to find all entries with a specific manager

Question

I want to find all AD entries with a specific manager through PowerShell. How do I need to set the filter?

Lets say we have the following organisation: usera is the manager of userb , userc and userd

So I want the filter to return usera, userb, userc and userd.

$ADS = New-Object System.DirectoryServices.DirectorySearcher
$ADS.Filter = "(|(cn=usera)(manager=*CN=usera*))"
$Results = $ADS.FindAll()
$Results.Count

$ADS.Filter = "(|(cn=usera)(manager=*usera*))"
$Results = $ADS.FindAll()
$Results.Count

$ADS.Filter = "(|(cn=usera)(manager=usera))"
$Results = $ADS.FindAll()
$Results.Count

The results are always empty. But if I copy the full distinguishedname-property from usera into the filter it works. The Problem is, I normaly don't have this value when I start my script so I would have to make another query first before I can start my actual query which I would like to avoid (example below).

$ADS = New-Object System.DirectoryServices.DirectorySearcher
$ADS.Filter = "(cn=usera)"
$Result1 = $ADS.FindOne()
$ADS.Filter = "(|(cn=usera)(manager=$($Result1.Properties.distinguishedname)))"
$Results = $ADS.FindAll()
$Results.Count

Output: 4

Answer 1

Why would the manager property point to a DN? Wouldn't the real manager property be a SID? Maybe some conversion is occurring during the query.