List Microsoft 365 Managers Using Graph PowerShell

In a Microsoft 365 environment, identifying who manages whom is essential for org chart reviews, reporting hierarchies, workflow automation, and compliance. Fortunately, you can use Microsoft Graph PowerShell to fetch a list of all users assigned as managers and display their essential attributes.

This article walks you through a script that extracts all tenant managers and lists their:

  • DisplayName
  • UserPrincipalName
  • Email
  • License Status
  • Sign-in Status

The Script: Fetch All Managers in Microsoft 365 Tenant

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All", "Directory.Read.All"

# Get all users in the tenant
$allUsers = Get-MgUser -All -Property Id, Manager

# Use a hashset to track unique manager IDs
$managerIds = [System.Collections.Generic.HashSet[string]]::new()

# Collect manager IDs from each user's manager reference
foreach ($user in $allUsers) {
    try {
        $manager = Get-MgUserManager -UserId $user.Id -ErrorAction SilentlyContinue
        if ($manager -and $manager.Id) {
            $managerIds.Add($manager.Id) | Out-Null
        }
    } catch {
        # Skip users with no manager
    }
}

# Prepare results list
$results = @()

# Fetch manager details and output required fields
foreach ($managerId in $managerIds) {
    try {
        # -ErrorAction Stop makes a failed lookup terminating, so the catch block
        # below runs instead of an empty row being added to the results
        $mgr = Get-MgUser -UserId $managerId -Property DisplayName, UserPrincipalName, Mail, AccountEnabled, AssignedLicenses -ErrorAction Stop

        $results += [PSCustomObject]@{
            DisplayName       = $mgr.DisplayName
            UserPrincipalName = $mgr.UserPrincipalName
            Email             = $mgr.Mail
            LicenseStatus     = if ($mgr.AssignedLicenses.Count -gt 0) { "Licensed" } else { "Unlicensed" }
            SignInStatus      = if ($mgr.AccountEnabled) { "Allowed" } else { "Denied" }
        }
    } catch {
        Write-Warning "Unable to retrieve data for manager with ID $managerId"
    }
}

# Display the results
if ($results.Count -eq 0) {
    Write-Host "No managers found in the tenant." -ForegroundColor Yellow
} else {
    $results | Sort-Object DisplayName | Format-Table -AutoSize
}


How the Script Works


Required Permissions

Make sure you connect with these delegated permissions: User.Read.All and Directory.Read.All.

These are needed to (i) enumerate all users, (ii) resolve their manager relationships, and (iii) query individual manager (user) properties.

Step-by-Step Breakdown

  1. Fetch All Users: The script retrieves every user in the tenant using Get-MgUser.

  2. Identify Managers: It calls Get-MgUserManager on each user and collects manager IDs in a unique hashset to avoid duplicates.

  3. Retrieve Manager Details: For each unique manager ID, the script gathers:

    • DisplayName
    • UserPrincipalName
    • Mail
    • AssignedLicenses
    • AccountEnabled

  4. Build the Report: It builds a formatted output showing each manager’s license status and whether their sign-in is allowed.

The output is formatted into a clean table for review or export.


Further Enhancements

You can take this script further by:

  • Exporting to CSV: $results | Export-Csv -Path "TenantManagers.csv" -NoTypeInformation

  • Grouping by Department or Location: Add additional user attributes like Department, OfficeLocation, etc., for grouped reporting.

  • Reverse Lookup: Optionally list who reports to each manager (requires building a nested lookup from user-manager relationships).

  • Filter Active Managers Only: Filter by AccountEnabled or SignInActivity to get only actively used manager accounts.
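The reverse lookup and the enabled-account filter suggested above, as an added example that is not part of the original script. It assumes user objects shaped like the output of Get-MgUser with -ExpandProperty Manager; the helper names Get-ManagerReviewReport and New-SampleUser and the sample accounts are constructed for illustration.

```powershell
# Added example. Input objects are assumed to look like the output of:
#   Get-MgUser -All -ExpandProperty Manager -Property Id,UserPrincipalName,AccountEnabled,AssignedLicenses
function Get-ManagerReviewReport {   # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Users)

    # Index users by Id so manager details come from the same result set
    $byId = @{}
    foreach ($u in $Users) { $byId[$u.Id] = $u }

    # Reverse lookup: manager Id -> UPNs of direct reports
    $reports = @{}
    foreach ($u in $Users) {
        $mgrId = $u.Manager.Id
        if (-not $mgrId) { continue }   # no manager assigned
        if (-not $reports.ContainsKey($mgrId)) {
            $reports[$mgrId] = [System.Collections.Generic.List[string]]::new()
        }
        $reports[$mgrId].Add($u.UserPrincipalName)
    }

    foreach ($mgrId in ($reports.Keys | Sort-Object)) {
        $mgr = $byId[$mgrId]            # $null when the manager is not in $Users
        [PSCustomObject]@{
            Manager       = if ($mgr) { $mgr.UserPrincipalName } else { "unresolved:$mgrId" }
            DirectReports = $reports[$mgrId].Count
            Reports       = $reports[$mgrId] -join '; '
            SignInStatus  = if (-not $mgr) { 'Unknown' } elseif ($mgr.AccountEnabled) { 'Allowed' } else { 'Denied' }
            LicenseStatus = if (-not $mgr) { 'Unknown' } elseif ($mgr.AssignedLicenses.Count -gt 0) { 'Licensed' } else { 'Unlicensed' }
            # True when the manager is unresolved, disabled, or unlicensed
            NeedsReview   = (-not $mgr) -or (-not $mgr.AccountEnabled) -or ($mgr.AssignedLicenses.Count -eq 0)
        }
    }
}

# Constructed sample data (not real accounts)
function New-SampleUser($Id, $Upn, $Enabled, $Licenses, $ManagerId) {
    [PSCustomObject]@{
        Id = $Id; UserPrincipalName = $Upn; AccountEnabled = $Enabled; AssignedLicenses = $Licenses
        Manager = if ($ManagerId) { [PSCustomObject]@{ Id = $ManagerId } } else { $null }
    }
}
$sample = @(
    New-SampleUser 'u1' 'alice@example.com' $true  @('sku') $null
    New-SampleUser 'u2' 'bob@example.com'   $false @('sku') 'u1'
    New-SampleUser 'u3' 'carol@example.com' $true  @('sku') 'u2'
    New-SampleUser 'u4' 'dave@example.com'  $true  @()      'u2'
)
Get-ManagerReviewReport -Users $sample | Format-Table -AutoSize
```

Rows with NeedsReview set to True are managers who still have direct reports but are disabled, unlicensed, or missing from the user set.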


Possible Errors & Solutions

| Error | Cause | Solution |
|---|---|---|
| Access Denied | Missing permissions | Use User.Read.All and Directory.Read.All when calling Connect-MgGraph |
| No manager found or null result | Some users don’t have a manager assigned | The script gracefully skips these records |
| Unable to retrieve data for manager with ID... | Manager may have been deleted or soft-deleted | Check directory cleanup policies or use soft-delete-aware retrieval |
| Too many requests (throttling) | Large tenant causing rate limits | Introduce throttling delay or batch requests (if needed) |

Use Cases

This script is especially useful for:

  • Organizational Hierarchy Review: Identify managers across departments or geographies.

  • Access & Role Audits: Validate who holds managerial authority in security or admin workflows.

  • Directory Cleanup: Detect inactive or unlicensed managers that may need reassignment.

  • Automation: Use the list to drive manager-based flows in Microsoft Power Automate or approval systems.


Conclusion

Identifying all manager accounts in your Microsoft 365 tenant is vital for managing workflows, access control, and accurate reporting structures. This script, powered by Microsoft Graph PowerShell, gives you a reliable, permission-respecting way to surface that information in seconds.

By exporting or automating this output, you can stay ahead of compliance, security, and operational oversight requirements.

