Using Get-MgUser with Get-MgUserManager: Map Your Organizational Hierarchy

Mapping organizational hierarchies is crucial for maintaining efficient workflows in Microsoft 365. The Get-MgUserManager cmdlet retrieves the manager details for a user, but it only provides the manager's User ID by default. To get additional information, such as Display Name, User Principal Name (UPN), and Email, you can pass the manager's ID to the Get-MgUser cmdlet. This article provides a working example to simplify the process of mapping users to their managers.

Script: Retrieve Users and Their Manager Details

# Retrieve all users in the 'Sales' department
$users = Get-MgUser -Filter "Department eq 'Sales'" -All

foreach ($user in $users) {
    # Get the manager's User ID
    $managerId = (Get-MgUserManager -UserId $user.Id).Id

    # Get detailed information about the manager
    $manager = Get-MgUser -UserId $managerId

    # Output user and manager details as a custom object
    [PSCustomObject]@{
        UserId             = $user.UserPrincipalName
        ManagerId          = $manager.Id
        ManagerDisplayName = $manager.DisplayName
        ManagerUPN         = $manager.UserPrincipalName
        ManagerMail        = $manager.Mail
    }
}

Explanation of the Script

  1. Retrieve Users: The script starts by retrieving all users from the "Sales" department using the -Filter parameter with the Get-MgUser cmdlet.

         $users = Get-MgUser -Filter "Department eq 'Sales'" -All

  2. Fetch Manager IDs: The Get-MgUserManager cmdlet retrieves the manager's User ID for each user. This ID is then used in the next step to fetch more details.

         $managerId = (Get-MgUserManager -UserId $user.Id).Id

  3. Retrieve Manager Details: The manager's User ID is passed to Get-MgUser to fetch properties such as Display Name, UPN, and Email.

         $manager = Get-MgUser -UserId $managerId

  4. Output Results: The details of both the user and their manager are stored in a custom object, making the results easy to process or export.

Possible Errors & Solutions

Error: Insufficient privileges to complete the operation.
Cause: Missing permissions such as User.Read.All.
Solution: Grant the necessary permissions in Azure AD or use a Global Admin account.

Error: The specified object was not found in the directory.
Cause: A user does not have a manager assigned.
Solution: Add a check to skip users without managers:

    # $null goes on the left so the comparison behaves as a scalar test
    if ($null -ne $managerId) {
        $manager = Get-MgUser -UserId $managerId
        # Continue processing...
    } else {
        Write-Warning "No manager found for user: $($user.UserPrincipalName)"
    }

Error: Invalid filter clause.
Cause: Incorrect syntax in the filter query.
Solution: Verify that the Department property exists and the query syntax is correct.

Use Cases

  • Create Organizational Reports: Export data showing users, their managers, and reporting lines for organizational insights.
  • Troubleshoot Access Issues: Quickly identify a user's manager to resolve escalations or permissions-related concerns.
  • Audit Reporting Structures: Ensure all users have assigned managers and identify any missing links in the hierarchy.
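
For the "Audit Reporting Structures" use case, here is an added example (not the article's own script) that combines the two cmdlets with the missing-manager handling from the error list above, fetches each manager only once, and records why a lookup failed. The function name Get-ManagerReport, the HasManager and LookupError columns, and the CSV path are assumptions made for illustration.

```powershell
# Added example (not from the original article). Function name, output columns
# and the CSV path are illustrative assumptions.
Connect-MgGraph -Scopes 'User.Read.All'   # read-only delegated scope

function Get-ManagerReport {
    param([Parameter(Mandatory)] [string] $Department)

    # Double any single quote so the value cannot break out of the OData string literal
    $safeDept = $Department.Replace("'", "''")
    $users = Get-MgUser -Filter "Department eq '$safeDept'" -All

    $managerCache = @{}   # manager Id -> user object, so each manager is fetched once
    foreach ($user in $users) {
        $manager = $null
        $lookupError = $null
        try {
            # -ErrorAction Stop makes a failed lookup catchable instead of continuing with $null
            $ref = Get-MgUserManager -UserId $user.Id -ErrorAction Stop
            if (-not $managerCache.ContainsKey($ref.Id)) {
                $managerCache[$ref.Id] = Get-MgUser -UserId $ref.Id -ErrorAction Stop
            }
            $manager = $managerCache[$ref.Id]
        } catch {
            # Keep the message so a missing manager can be told apart from a permission failure
            $lookupError = $_.Exception.Message
        }

        [PSCustomObject]@{
            UserId             = $user.UserPrincipalName
            HasManager         = ($null -ne $manager)
            ManagerId          = $manager.Id
            ManagerDisplayName = $manager.DisplayName
            ManagerUPN         = $manager.UserPrincipalName
            ManagerMail        = $manager.Mail
            LookupError        = $lookupError
        }
    }
}

$report = Get-ManagerReport -Department 'Sales'
# Users with no resolvable manager: the gaps an audit needs to follow up
$report | Where-Object { -not $_.HasManager } | Select-Object UserId, LookupError
$report | Export-Csv -Path .\sales-manager-report.csv -NoTypeInformation
```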

Conclusion

Combining Get-MgUserManager and Get-MgUser provides a powerful way to map organizational hierarchies in Microsoft 365. By retrieving detailed manager information for users, you can create actionable reports, troubleshoot access issues, and maintain an accurate view of reporting structures. Start using this approach today to enhance your administrative workflows.
