Retrieve Microsoft 365 Managers Using Graph PowerShell

Managing users in a Microsoft 365 environment often involves identifying team leaders or managers and the direct reports they oversee. As an administrator, you may need a way to list all managers within your tenant along with their details and the number of direct reports. In this article, we will present a Microsoft Graph PowerShell script to help you retrieve a list of managers, their User Principal Names (UPN), and the number of direct reports they have.

This script will make use of the Get-MgUser cmdlet with the -ExpandProperty parameter to fetch the necessary details in a tabular format. Let’s dive into the script, explain how it works, and explore potential enhancements.

The Script

# Connect to Microsoft Graph (if not already connected)
Connect-MgGraph -Scopes "User.Read.All"

# Query all users to check who has direct reports by expanding the 'directReports' property
$users = Get-MgUser -All -Property displayName, userPrincipalName -ExpandProperty directReports

# Create an array to store the results
$results = @()

# Loop through each user to check if they have direct reports
foreach ($user in $users) {
    # Check if the user has any direct reports
    if ($user.directReports.Count -gt 0) {
        # Add the manager details to the results array
        $results += [pscustomobject]@{
            "Manager Name" = $user.displayName
            "User Principal Name" = $user.userPrincipalName
            "No. of Direct Reports" = $user.directReports.Count
        }
    }
}

# Output the results in a table format
$results | Format-Table -AutoSize

Script Explanation

  • Connect-MgGraph: Before we can interact with Microsoft Graph, we must authenticate. The Connect-MgGraph cmdlet allows you to connect with the necessary permissions to retrieve user details. In this case, we use the "User.Read.All" scope to read all users in the tenant.
  • Get-MgUser with -ExpandProperty: The Get-MgUser cmdlet is used to retrieve all users in the tenant. To access the directReports property (which contains details about each user's direct reports), we need to use the -ExpandProperty directReports parameter. Without expanding this property, you wouldn’t be able to access the direct reports in the result set.
  • Storing Results: An empty array $results is created to store the information for each manager. For each user who has direct reports (i.e., the directReports count is greater than zero), we store their details, including their display name, UPN, and the number of direct reports.
  • Output Formatting: The final output is displayed in a tabular format using the Format-Table cmdlet. This ensures that the data is easy to read and interpret.

Further Enhancements

  • Exporting Results: You can export the results to a CSV file for further analysis or reporting using the Export-Csv cmdlet:

    $results | Export-Csv -Path "ManagersWithDirectReports.csv" -NoTypeInformation

  • Filtering Managers by Department: You might want to filter the list of managers based on their department. To do this, request the department property and add a filter condition before storing the results:

    $users = Get-MgUser -All -Property displayName, userPrincipalName, department -ExpandProperty directReports | Where-Object { $_.department -eq "Sales" }

    This would list only the managers in the "Sales" department.
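
The two enhancements above combined into one reusable function, with a guard for the case where nothing matches. This is an added example, not part of the original script: ConvertTo-ManagerReport is a hypothetical helper name, and the sample users are constructed so the block runs without a tenant connection.

```powershell
# Added example; ConvertTo-ManagerReport is a hypothetical helper, not the article's code.
function ConvertTo-ManagerReport {
    [CmdletBinding()]
    param(
        # User objects shaped like Get-MgUser output with directReports expanded
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$User,
        # Optional department filter; omit it to include every department
        [string]$Department
    )
    process {
        foreach ($u in $User) {
            # Not a manager: no direct reports
            if ($u.DirectReports.Count -eq 0) { continue }
            # Apply the department filter only when one was requested
            if ($Department -and $u.Department -ne $Department) { continue }
            [pscustomobject]@{
                'Manager Name'          = $u.DisplayName
                'User Principal Name'   = $u.UserPrincipalName
                'Department'            = $u.Department
                'No. of Direct Reports' = $u.DirectReports.Count
            }
        }
    }
}

# Constructed sample data standing in for Get-MgUser output (no tenant needed)
$sampleUsers = @(
    [pscustomobject]@{ DisplayName = 'Alex Doe'; UserPrincipalName = 'alex@contoso.example'; Department = 'Sales'; DirectReports = @('id-1', 'id-2') }
    [pscustomobject]@{ DisplayName = 'Sam Roe';  UserPrincipalName = 'sam@contoso.example';  Department = 'IT';    DirectReports = @('id-3') }
    [pscustomobject]@{ DisplayName = 'Kim Poe';  UserPrincipalName = 'kim@contoso.example';  Department = 'Sales'; DirectReports = @() }
)

# In a tenant, replace $sampleUsers with:
#   Get-MgUser -All -Property displayName, userPrincipalName, department -ExpandProperty directReports
$report = @($sampleUsers | ConvertTo-ManagerReport -Department 'Sales')

if ($report.Count -eq 0) {
    # Covers both "no managers in this department" and "query returned nothing"
    Write-Warning 'No managers matched the filter; nothing was exported.'
} else {
    $report | Export-Csv -Path 'ManagersWithDirectReports.csv' -NoTypeInformation
    $report | Format-Table -AutoSize
}
```

With the constructed data, only Alex Doe is reported: Sam Roe is in a different department and Kim Poe has no direct reports.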

Possible Errors & Solutions

Error: Not Authorized to Access Data

Cause: This happens if you don’t have the necessary permissions (scopes) when connecting to Microsoft Graph.

Solution: Make sure you use the correct permissions when connecting to Microsoft Graph. For this script, the "User.Read.All" permission is required. Also, ensure your account has the necessary admin privileges to access user data.

Error: "Property 'directReports' Not Found"

Cause: This occurs if the directReports property is not expanded properly.

Solution: Ensure that you are using the -ExpandProperty directReports parameter in the Get-MgUser cmdlet. Without this, the directReports property won’t be accessible in the result set.

Error: Empty Output

Cause: This could occur if no users have direct reports or if the query didn’t return any data.

Solution: Check if the tenant has users with direct reports. You might also want to verify your connection to Microsoft Graph and ensure there are users with direct reports in your tenant.

Conclusion

This PowerShell script provides a simple yet powerful way to list all managers in your Microsoft 365 tenant and display their details in a tabular format. By leveraging Microsoft Graph, you can easily extend this script to add more functionality such as filtering by department, exporting the results, or sending automated emails. This script is a great tool for administrators who want to streamline reporting and management tasks related to user roles and hierarchies.
