Get-ADGroupMember and Sort by Manager

This topic contains 6 replies, has 5 voices, and was last updated by Jarkko Vepsäläinen 6 days, 11 hours ago.

  • #59104
    Mike Camero
    Participant

    Hello All,

    I'm looking to get all members of an AD group and sort users by manager. It would be even better if somehow we could pipe to out-file for either text file or csv, creating a separate file depending on who their manager is.

    So if I have an AD group with 99 users and they're split evenly between 3 managers, the output would be 3 txt or csv files, 1 for each manager that would list the 33 users under them.

    Get-ADGroupMember -Identity 'GroupName' | Get-ADUser -Properties Name,Manager

    That is all I have so far... not much I know.

    I've tried using ForEach-Object without success. I've tried Sort-Object without success. I've tried Select-Object without success.

    And when I run the code above, it returns more properties than just Name and Manager.

    Thank you in advance!

  • #59113
    Olaf Soyk
    Participant
    Get-ADGroupMember -Identity 'GroupName' | Get-ADUser -Properties Name,Manager | Select-Object -Property Name,Manager | Sort-Object -Property Manager,Name

    Of course you can pipe this to whatever you like. Foreach-Object to split it by Manager, Out-File, Export-CSV ....

  • #59121
    Fredrik Kacsmarck
    Participant

    Worth noting is that the "Manager" attribute on the AD user is the manager's distinguished name.
    So depending on the output you want, you may need some extra code (e.g. calling get-aduser with the manager DN).

  • #59154

    Hi

    Maybe something like this could help. After that you can Export or sort the $collection how you want.

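    # Collect one object per user: name, manager's SamAccountName and source group
    $collection = New-Object System.Collections.Generic.List[System.Object]

    $Group = "ADGroup1"
    $infos = Get-ADGroupMember -Identity $Group | Get-ADUser -Properties Name,Manager

    ForEach ($info in $infos) {

        # Manager holds a distinguished name and is empty for users without one;
        # resolve it only when present, since Get-ADUser -Identity rejects $null
        $manager = $null
        if ($info.Manager) {
            $manager = Get-ADUser -Identity $info.Manager | Select-Object -ExpandProperty SamAccountName
        }

        $Obj = @{User = $info.Name
                 Manager = $manager
                 Group = $Group
                }
        $out = New-Object -TypeName psobject -Property $Obj

        $collection.Add($out)
    }

    $collection | Sort-Object -Property Manager, Name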

    I created 100 ADGroups and tried to get list of all of them and this worked nicely.

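    # Start from an empty list so results from an earlier run are not mixed in
    $collection = New-Object System.Collections.Generic.List[System.Object]
    $ii = 1..100

    ForEach ($i in $ii) {

        $Group = "ADGroup$i"
        $infos = Get-ADGroupMember -Identity $Group | Get-ADUser -Properties Name,Manager | Select-Object -Property Name,Manager

        ForEach ($info in $infos) {

            # Resolve the manager DN only when the user has one
            $manager = $null
            if ($info.Manager) {
                $manager = Get-ADUser -Identity $info.Manager | Select-Object -ExpandProperty SamAccountName
            }

            $Obj = @{User = $info.Name
                     Manager = $manager
                     Group = $Group
                    }
            $out = New-Object -TypeName psobject -Property $Obj

            $collection.Add($out)
        }
    }

    $collection | Sort-Object -Property Manager, Name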

    Jake

  • #59176
    Mike Camero
    Participant

    Thank you Jarkko Vepsäläinen! This is just about exactly what I was looking for.

    Just for background, our main goal was to create SCCM collections based on AD groups and we wanted to make groups per manager... he simultaneously burst my bubble and blew my mind as we were able to create query based collections querying the manager attribute in AD.

    Thank you very much though as this will help in the future.

  • #59187
    Ron
    Participant

    Just a heads up, you are working on the assumption that your groups contain only users, and that your managers are all users. It is better to use get-adobject, confirm the object type if necessary, or skip them if not relevant.

  • #59188

    Hi

    Yes Ron, Good point.

    This should fix it so it only gets user accounts.

    $infos = Get-ADGroupMember -Identity $Group | Where {$_.ObjectClass -eq 'user'} | Get-ADUser -Properties Name,Manager | Select-Object -Property Name,Manager

    Note that if there are nested groups this won't show those; those need to be retrieved otherwise.

    Jake
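
Added example (not code from any poster in this thread): one way to produce the per-manager CSV files asked for in the first post, skipping non-user members as Ron suggests. The function name `Export-MembersByManager`, its parameters and the sample objects are hypothetical and constructed so the block runs without a domain; the commented line shows how live data would be fed in.

```powershell
# Added example; function name, parameters and sample data are constructed for illustration.
function Export-MembersByManager {
    param(
        [Parameter(Mandatory)] [object[]] $Member,          # needs Name, ObjectClass, Manager (DN)
        [Parameter(Mandatory)] [string]   $OutputDirectory
    )
    New-Item -ItemType Directory -Path $OutputDirectory -Force | Out-Null

    # Groups can hold computers, contacts and other groups; keep user objects only.
    $users = $Member | Where-Object { $_.ObjectClass -eq 'user' }

    # Users with an empty Manager end up together in one group whose Name is empty.
    $users | Group-Object -Property Manager | ForEach-Object {
        # Build the file name from the whole DN so that two managers with the
        # same display name in different OUs still get separate files.
        $label = if ($_.Name) { $_.Name -replace '[^\w.-]', '_' } else { 'NoManager' }
        $path  = Join-Path $OutputDirectory "$label.csv"

        $_.Group | Sort-Object -Property Name | Select-Object -Property Name, Manager |
            Export-Csv -Path $path -NoTypeInformation -Encoding UTF8

        # Emit a summary row per file so the split can be checked at a glance.
        [pscustomobject]@{ Manager = $label; Users = $_.Count; File = $path }
    }
}

# Constructed sample input standing in for the directory query.
$sample = @(
    [pscustomobject]@{ Name = 'User One';   ObjectClass = 'user';     Manager = 'CN=Manager A,OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'User Two';   ObjectClass = 'user';     Manager = 'CN=Manager B,OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'User Three'; ObjectClass = 'user';     Manager = 'CN=Manager A,OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ Name = 'User Four';  ObjectClass = 'user';     Manager = $null }
    [pscustomobject]@{ Name = 'PC-01';      ObjectClass = 'computer'; Manager = $null }
)

# Against a live domain, -Recursive also returns the members of nested groups:
# $sample = Get-ADGroupMember -Identity 'GroupName' -Recursive |
#     Where-Object { $_.ObjectClass -eq 'user' } | Get-ADUser -Properties Manager

$out = Join-Path ([IO.Path]::GetTempPath()) 'members-by-manager'
Export-MembersByManager -Member $sample -OutputDirectory $out
```

Users without a manager land in `NoManager.csv` rather than being dropped, which makes unowned accounts in the group easy to spot.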
