stackoom
  简体   繁体   中英

Getting ADUser's manager when that manager is a contact. not an account

 原文  2021-11-09 15:07:15       powershell/ active-directory

Question

I have a script running to get all accounts and their managers and output to a csv. I'd like to get the Manager's employeeID and UserPrincipalname

This works fine for Managers which are accounts, but sometimes a person's manager is a contact, because they are managed by someone from a different office (not in our local AD).

Get-ADUser -SearchBase "ou=accounts,ou=production,dc=int" -filter * -properties * | select  GivenName, Name, Surname, UserPrincipalName, employeeID, @{Name='AccountExpirationDate';Expression={$_.AccountExpirationDate.ToString("yyyy/MM/dd")}}, Department, Title, @{Name="ManagerID";Expression={(get-aduser -property employeeID $_.manager).employeeID}}, @{Name="ManagerEmail";Expression={(get-aduser -property employeeID $_.manager).UserPrincipalname}} |  Export-CSV -Path C:\Users\ME\Desktop\ALL_AD_Accounts_HQ.csv

I know I can get contacts with something like the following:

Get-ADObject -Filter 'employeeID -eq "001" -and objectClass -eq "contact"'

But I can't seem to marry these two concepts. How can I get the user's manager info if it's a contact and not an account?

Thanks!

1 answers

solution1
 0  2021-11-09 16:32:26

You wouldn't get all of this as a one-liner (unless you love crazy long lines of code..), but I would loop over the found users to do something like below:

# Get-ADUser by default returns these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName

$allUsers = Get-ADUser -SearchBase "ou=accounts,ou=production,dc=int" -Filter * -Properties Department, Title, EmployeeID, AccountExpirationDate, Manager
foreach ($user in $allUsers) {
    # create an empty Hashtable for the two manager properties
    $manager = @{ID = $null; Email = $null }
    if (![string]::IsNullOrWhiteSpace($user.Manager)) {
        # try and get an ADObject from the Manager property (= DistinguishedName)

        # Get-ADObject by default returns these properties:
        # DistinguishedName, Name, ObjectClass, ObjectGUID

        # if you're worried about distinghuishedName containing characters like a single quote (O'Brian)
        # you can use the -Identity parameter:
        try { $mgrObject = Get-ADObject -Identity $user.Manager -Properties mail, EmployeeID -ErrorAction Stop }
        catch {$mgrObject = $null}

        # using the -Filter would not need a try{..} catch{..}
        # $mgrObject = Get-ADObject -Filter "DistinguishedName -eq '$($user.Manager)'" -Properties mail, EmployeeID -ErrorAction SilentlyContinue

        if ($mgrObject) {
            # test if this is a contact or a user object
            switch ($mgrObject.objectClass) {
                'user'    { 
                    # if it's a user, perform another Get-ADUser call
                    $mgr = $mgrObject | Get-ADUser -Properties EmployeeID, EmailAddress
                    $manager['ID']    = $mgr.EmployeeID
                    $manager['Email'] = $mgr.EmailAddress  # or if you prefer UserPrincipalName
                }
                'contact' {
                    # if it's a contact use the properties we already have in the $mgrObject
                    $manager['ID']    = $mgrObject.EmployeeID
                    $manager['Email'] = $mgrObject.mail

                }
            }        
        }
    }
    # output an object with all properties you want in the csv
    $user | Select-Object  GivenName, Name, Surname, UserPrincipalName, EmployeeID, 
                           @{Name='AccountExpirationDate';Expression={$_.AccountExpirationDate.ToString("yyyy/MM/dd")}}, 
                           Department, Title, 
                           @{Name="ManagerID";Expression={$manager['ID']}},
                           @{Name="ManagerEmail";Expression={$manager['Email']}}
}

# output the results to CSV file
$result | Export-CSV -Path 'C:\Users\ME\Desktop\ALL_AD_Accounts_HQ.csv' -NoTypeInformation

AFAIK these are all properties you can get for contacts using Get-ADObject: 

CanonicalName, Description, DisplayName, DistinguishedName
givenName, legacyExchangeDN, mail, Name, initials, sn, targetAddress
Title, Department, Division, Company, EmployeeID, EmployeeNumber
StreetAddress, PostalCode, telephoneNumber, HomePhone, mobile, pager, ipphone
facsimileTelephoneNumber, l, st, cn, physicalDeliveryOfficeName, co
mailnickname, proxyAddresses, msExchRecipientDisplayType
msExchRecipientTypeDetails, msExchRemoteRecipientType, info

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Set-ADUser -Manager entity with Contact PowerShell Get-ADUser Filter manager empty powershell get-aduser where manager -eq disabled how to check “ADUser is manager of ADGroup” from powershell comand? User's Manager Validation Return department of user's manager? Local System Account and Windows Credential Manager Get AD users’ manager and primary group that is associated with a user's manager Return manager's samacountname for users Updating AD User Object Manager Attribute With Contact DN
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM