VBScript program to document the organizational structure specified by the manager and directReports attributes of Active Directory objects. On the "Organization" tab of the user properties dialog in Active Directory Users and Computers (ADUC) you can specify a Manager for the user or contact. This assigns the Distinguished Name (DN) of the person selected to the manager attribute of the user object. This single-valued DN attribute is linked to the directReports multi-valued DN attribute of the corresponding manager.
For example, if you assign the user "cn=Jim Smith" as the manager for users "cn=Sam Jones" and "cn=Sally Wilson", then the manager attributes of users "cn=Sam Jones" and "cn=Sally Wilson" will be the DN of user "cn=Jim Smith". In addition, the directReports attribute of user "cn=Jim Smith" will have the two DNs for "cn=Sam Jones" and "cn=Sally Wilson" added.
User, contact, and computer objects all have a manager attribute. User, contact, computer, group, organizationalUnit, container, and domain objects all have the directReports attribute. This means, for example, that you can assign the DN of a group as the manager of a user. However, since ADUC does not allow this, you would need to use a tool like ADSI Edit to assign the group DN value to the manager attribute. Once you do this, Active Directory will automatically assign the correct DN to the directReports attribute of the group.
This program first uses ADO to find all manager objects at the top of the organizational structure. These are objects (possibly only one) which have one or more values assigned to the directReports attribute, but no value assigned to the manager attribute. For each such object the program recursively documents the directReports. The hierarchy of the organization is indicated by indenting. All objects reporting to any manager are indented below the manager. Only Distinguished Names are output.
The program can be run at a command prompt with the cscript host so the output can be redirected to a text file.
The program will ignore any "circular" organizational structures. For example, if Jim reports to Bob, Bob reports to Frank, and Frank reports to Jim, we have a "circular" structure. Active Directory will allow you to do this, but it makes little sense in the real world. The program will ignore the situation because none of the people are at the top of any organizational hierarchy. That is, none of the people has direct reports but no manager assigned.
Organization.txt <<-- Click here to view or download the program
An equivalent PowerShell script is also provided.
PSOrganization.txt <<-- Click here to view or download the program
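The traversal described above, as an added PowerShell example (it is not the Organization.txt or PSOrganization.txt program): it works on a constructed in-memory table of DN and manager pairs instead of querying Active Directory, and goes one step beyond the page by listing the objects the top-down walk never reaches because they sit in, or report into, a circular manager chain. All DNs and the function name Get-OrgTree are made up for illustration.

```powershell
# Constructed sample data: object DN -> value of its manager attribute ($null = none).
$manager = [ordered]@{
    'cn=Jim Smith,ou=Sales,dc=example,dc=com'    = $null
    'cn=Sam Jones,ou=Sales,dc=example,dc=com'    = 'cn=Jim Smith,ou=Sales,dc=example,dc=com'
    'cn=Sally Wilson,ou=Sales,dc=example,dc=com' = 'cn=Jim Smith,ou=Sales,dc=example,dc=com'
    'cn=Ann Lee,ou=Sales,dc=example,dc=com'      = 'cn=Sam Jones,ou=Sales,dc=example,dc=com'
    # Circular chain: Jim Adams -> Bob Baker -> Frank Clark -> Jim Adams
    'cn=Jim Adams,ou=IT,dc=example,dc=com'       = 'cn=Bob Baker,ou=IT,dc=example,dc=com'
    'cn=Bob Baker,ou=IT,dc=example,dc=com'       = 'cn=Frank Clark,ou=IT,dc=example,dc=com'
    'cn=Frank Clark,ou=IT,dc=example,dc=com'     = 'cn=Jim Adams,ou=IT,dc=example,dc=com'
    'cn=Pat Doe,ou=IT,dc=example,dc=com'         = 'cn=Bob Baker,ou=IT,dc=example,dc=com'
}

# Derive directReports the way the linked attribute behaves: it lists every
# object whose manager attribute points at this DN.
$directReports = @{}
foreach ($dn in $manager.Keys) {
    $m = $manager[$dn]
    if ($m) {
        if (-not $directReports.ContainsKey($m)) {
            $directReports[$m] = [System.Collections.Generic.List[string]]::new()
        }
        $directReports[$m].Add($dn)
    }
}

# DNs already printed; also stops the recursion from ever looping.
$visited = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)

function Get-OrgTree {
    param([string]$Dn, [int]$Depth = 0)
    if (-not $visited.Add($Dn)) { return }        # already documented
    ('    ' * $Depth) + $Dn                       # indent shows reporting level
    if ($directReports.ContainsKey($Dn)) {
        foreach ($report in ($directReports[$Dn] | Sort-Object)) {
            Get-OrgTree -Dn $report -Depth ($Depth + 1)
        }
    }
}

# Top of a hierarchy: has direct reports but no manager assigned.
$roots = $manager.Keys | Where-Object { -not $manager[$_] -and $directReports.ContainsKey($_) } | Sort-Object
foreach ($root in $roots) { Get-OrgTree -Dn $root }

# Objects with a manager that were never reached: circular chain members and their reports.
$unreached = $manager.Keys | Where-Object { $manager[$_] -and -not $visited.Contains($_) } | Sort-Object
if ($unreached) {
    'Not under any top-level manager (circular chain, or reports into one):'
    $unreached | ForEach-Object { "    $_  (manager: $($manager[$_]))" }
}
```

With this sample data the tree shows only the Jim Smith hierarchy, and the four IT objects appear in the second list; that list is a useful review input wherever manager is used to route approvals or access reviews.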