Fetching Users Without Assigned Managers using Graph PowerShell

In Microsoft 365, it is essential to ensure that all users have an assigned manager for proper organizational hierarchy, approvals, and workflow processes. However, some users might not have a designated manager, which can cause issues in automated approval workflows, security compliance, and reporting structures. This article provides a Graph PowerShell script to fetch all users in the tenant who do not have an assigned manager and list their UserPrincipalName (UPN).

PowerShell Script to Fetch Users Without Assigned Managers

# Connect to Microsoft Graph (ensure you have the necessary permissions)
Connect-MgGraph -Scopes "User.Read.All"

# Fetch all users from the tenant
$users = Get-MgUser -All -Property Id, UserPrincipalName

# Initialize an array to store users without managers
$usersWithoutManagers = @()

# Loop through each user to check if they have a manager
foreach ($user in $users) {
    try {
        # Attempt to get the Manager ID
        $managerId = (Get-MgUserManager -UserId $user.Id -ErrorAction Stop).Id
    } catch {
        # A failed lookup is treated as "no manager". Any other failure
        # (throttling, insufficient permissions) also lands in this block.
        $usersWithoutManagers += [PSCustomObject]@{
            UserUPN = $user.UserPrincipalName
        }
    }
}

# Display the results in console
$usersWithoutManagers | Format-Table -AutoSize

How the Script Works

  1. Connect to Microsoft Graph API: The script starts by authenticating to Microsoft Graph with the required permissions.
  2. Fetches All Users: Get-MgUser retrieves all users in the tenant, specifically their Id and UserPrincipalName.
  3. Attempts to Get Manager Information: The script loops through each user and runs Get-MgUserManager.
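  4. Identifies Users Without a Manager: If the Get-MgUserManager command fails (which happens when a user has no assigned manager), the user is added to the list of users without managers. Because the catch block does not inspect the error, a lookup that fails for another reason, such as throttling or insufficient permissions, is recorded the same way.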
  5. Displays the Data: The script outputs the results in a formatted table for easy viewing.
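
The check in step 4 can be tightened so that only a "manager not found" error counts as a missing manager. The following is an added example, not part of the original script: the function name Get-ManagerAuditResult, the -ManagerLookup parameter, the sample users and the stub error strings are all hypothetical or constructed, and it assumes the SDK surfaces the Graph error code Request_ResourceNotFound in the error record when no manager is assigned.

```powershell
# Added example: classify lookup failures instead of treating every error as "no manager".
function Get-ManagerAuditResult {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        # Injectable lookup (hypothetical parameter) so the logic can be exercised without a tenant.
        [scriptblock] $ManagerLookup = { param($id) Get-MgUserManager -UserId $id -ErrorAction Stop }
    )
    foreach ($user in $Users) {
        $status = 'HasManager'
        try {
            $null = & $ManagerLookup $user.Id
        } catch {
            # Assumption: a missing manager is reported with the error code Request_ResourceNotFound.
            $text = "$($_.FullyQualifiedErrorId) $($_.Exception.Message)"
            $status = if ($text -match 'Request_ResourceNotFound') { 'NoManager' } else { 'LookupFailed' }
        }
        [PSCustomObject]@{ UserUPN = $user.UserPrincipalName; Status = $status }
    }
}

# Constructed sample users and a stub lookup standing in for Microsoft Graph.
$sampleUsers = @(
    [PSCustomObject]@{ Id = '1'; UserPrincipalName = 'alice@contoso.com' },
    [PSCustomObject]@{ Id = '2'; UserPrincipalName = 'bob@contoso.com' },
    [PSCustomObject]@{ Id = '3'; UserPrincipalName = 'carol@contoso.com' }
)
$stubLookup = {
    param($id)
    switch ($id) {
        '1' { [PSCustomObject]@{ Id = 'mgr-1' } }                                      # has a manager
        '2' { throw 'Status: 404 (NotFound) ErrorCode: Request_ResourceNotFound' }     # constructed error text
        '3' { throw 'Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied' } # constructed error text
    }
}

$results = Get-ManagerAuditResult -Users $sampleUsers -ManagerLookup $stubLookup
$results | Format-Table -AutoSize

# If any lookup failed for another reason, the "no manager" list is incomplete or inflated.
$failed = @($results | Where-Object Status -eq 'LookupFailed')
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) lookup(s) failed for reasons other than a missing manager; rerun before trusting the report."
}
$results | Where-Object Status -eq 'NoManager' | Select-Object UserUPN
```

Against a real tenant, omit -ManagerLookup and pass the output of Get-MgUser -All -Property Id, UserPrincipalName as -Users.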

Further Enhancements

The script can be enhanced in several ways to fit specific administrative needs:

  • Export to CSV for Reporting: Store the list of users without managers for further analysis.
    $usersWithoutManagers | Export-Csv -Path "C:\Users\UsersWithoutManagers.csv" -NoTypeInformation -Encoding UTF8
  • Filter Users by Department or Job Role: Identify users in a specific department who lack a manager.
    $filteredUsers = Get-MgUser -All -Filter "department eq 'HR'" -Property Id, UserPrincipalName
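  • Assign Managers in Bulk: Use Set-MgUserManagerByRef to update manager assignments (this requires a write scope such as User.ReadWrite.All).
    Set-MgUserManagerByRef -UserId "user@contoso.com" -BodyParameter @{ "@odata.id" = "https://graph.microsoft.com/v1.0/users/<manager-object-id>" }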
  • Automate the Script for Regular Audits: Schedule the script to run periodically and send an email notification if any users do not have an assigned manager.

Use Cases

  • HR & IT Administration: HR and IT teams can use this script to identify users who lack a designated manager and take corrective action.
  • Security & Compliance: Certain security policies require that every user has an assigned manager. This script ensures compliance by identifying exceptions.
  • Approval Workflows: Many business processes require manager approvals. This script helps administrators find and assign missing managers to ensure smooth workflow automation.
  • User Auditing & Governance: Companies with strict governance policies can use this script to regularly audit the organizational structure and keep it up to date.
  • Custom Reporting Dashboards: The data from this script can be integrated into Power BI or other reporting tools for visualization and tracking.

Possible Errors & Solutions

| Error | Cause | Solution |
|---|---|---|
| Get-MgUserManager : NotFound | User has no assigned manager | The script correctly logs such users into the report |
| Access Denied | Insufficient permissions | Ensure User.Read.All permissions are granted |
| Cannot retrieve user properties | Incorrect property reference | Ensure correct property names are used in Get-MgUser |

Conclusion

This Graph PowerShell script efficiently fetches all tenant users without assigned managers, helping administrators ensure that the organization’s reporting structure is correctly configured. By leveraging Microsoft Graph API, this script improves security compliance, workflow automation, and HR governance. Administrators can further enhance it by exporting reports, filtering users, and bulk updating manager assignments. Try it out and optimize your Microsoft 365 user management today!

© m365corner.com. All Rights Reserved.