This is a PowerShell version 1.0 script to document the organizational structure specified by the manager and directReports attributes of Active Directory objects. On the "Organization" tab of the user properties dialog in the Active Directory Users and Computers MMC you can specify a manager for a user or contact. This assigns the distinguished name of the manager selected to the manager attribute of the user. This single-valued DN attribute is linked to the directReports multi-valued DN attribute of the corresponding manager.
For example, if you assign user "cn=Jim Smith" as the manager for users "cn=Sam Jones" and "cn=Sally Wilson", then the manager attributes of users "cn=Sam Jones" and "cn=Sally Wilson" will be the distinguished name of user "cn=Jim Smith". In addition, the system will add the distinguished names of "cn=Sam Jones" and "cn=Sally Wilson" to the directReports attribute of user "Jim Smith".
The manager attribute applies to objects of class user, contact, and computer. The directReports attribute applies to objects of class user, contact, computer, group, organizationalUnit, container, and domain. This means, for example, that you can assign the DN of a group as manager of a user. However, since ADUC does not provide for this, you would need to use a tool like ADSI Edit or a script to assign the group DN to the manager attribute of the user object. Once you do this, Active Directory will automatically update the directReports attribute of the group object. The system does not allow you to modify the directReports attribute directly.
This PowerShell script first finds all managers at the top of any organizational structure in your Active Directory. These are objects (possibly more than one) which have one or more values assigned to the directReports attribute, but no value assigned to the manager attribute. For each such object the program recursively documents the direct reports. The hierarchy of the organization is indicated by indenting. All objects reporting to any manager are indented below the manager.
The program will ignore any "circular" organizational structures. For example, if Jim reports to Bob, Bob reports to Frank, and Frank reports to Jim, we have a "circular" structure. Active Directory will allow you do to this, but it makes no sense in the real world. The script ignores this situation because none of the people involved is at the top of any organization hierarchy. That is, none has direct reports but no manager assigned. If you could also make Jim report to Richard, then Richard would be at the top of an organizational hierarchy. However, Active Directory would not allow this because Jim would then have two managers (Bob and Richard), and the manager attribute is single-valued.
This PowerShell script supports two optional parameters. One specifies the format of the output file created documenting the organization. You can specify -text or -html or -csv (comma delimited). The default is -text. Another optional parameter specifies the name attributes used in the output. If you specify -dn (the default), the output documents distinguished names. If you specify -name, the output documents the common names with the sAMAccountName (also called the pre-Windows 2000 names) in parentheses. Note that if any manager or direct report is a contact, the sAMAccountName will be missing.
The script generates a report in the current directory called Organization.txt if -text is specified, Organization.htm if -html is specified, or Organization.csv if -csv is specified. When the program completes the resulting file is displayed to the user. By default, the *.txt file will be displayed in Notepad, the *.htm file will be displayed in your default browser, and the *.csv file will be displayed in Excel (if installed on the local computer).
ADOrganization.txt <<-- Click here to view or download the program