m365Corner
Home / M365 PowerShell / Get-MgUserDirectReport
M365 PowerShell

Using Get-MgUserDirectReport in Graph PowerShell

The Get-MgUserDirectReport cmdlet is a powerful tool within the Microsoft Graph PowerShell module that allows administrators to retrieve a list of users who report directly to a specified user. This cmdlet can be instrumental in managing organizational hierarchies, generating reports, and ensuring compliance with company policies.

In this article, we will delve into the syntax, usage examples, common use cases, and potential errors along with their solutions.

Cmdlet Syntax

The basic syntax for the Get-MgUserDirectReport cmdlet is as follows:

Get-MgUserDirectReport -UserId <String> [-ExpandProperty <String[]>] [-Property <String[]>] [<CommonParameters>]
  • -UserId: Specifies the ID or user principal name of the user.
  • -ExpandProperty: Expands related entities inline.
  • -Property: Specifies which properties of the retrieved objects should be returned.

Least permission required: User.Read.All


Usage Examples

Example 1: Retrieve Direct Reports of a Specific User

Get-MgUserDirectReport -UserId "samadmin@7xh7fj.onmicrosoft.com"

This command retrieves a list of users who report directly to Sam Admin.

Example 2: Retrieve Full User Details for Each Direct Report

# Retrieve the direct reports of the user
$directReports = Get-MgUserDirectReport -UserId "samadmin@7xh7fj.onmicrosoft.com"

# Check if any direct reports are returned
if ($directReports.Count -gt 0) {
# Loop through each direct report and retrieve full user details
$directReports | ForEach-Object {
$userId = $_.Id
$user = Get-MgUser -UserId $userId
[PSCustomObject]@{
    DisplayName = $user.DisplayName
    JobTitle    = $user.JobTitle
}
} | Format-Table -AutoSize
} else {
Write-Host "No direct reports found for the specified user."

This command fetches the direct reports of Sam Admin, retrieves the full user details for each direct report, and displays the DisplayName, JobTitle properties.

Example 3: Export a Manager’s Direct Reports to CSV


Connect-MgGraph -Scopes "User.Read.All"
$ManagerId = "samadmin@7xh7fj.onmicrosoft.com"
$ExportPath = "C:\Reports\ManagerDirectReports.csv"
$DirectReports = Get-MgUserDirectReport -UserId $ManagerId
$Report = foreach ($DirectReport in $DirectReports) {
    $UserId = $DirectReport.Id
    if ($UserId) {
        $User = Get-MgUser -UserId $UserId -Property DisplayName,UserPrincipalName,JobTitle,Department,Mail
        [PSCustomObject]@{
            Manager              = $ManagerId
            DirectReportName     = $User.DisplayName
            UserPrincipalName    = $User.UserPrincipalName
            Mail                 = $User.Mail
            JobTitle             = $User.JobTitle
            Department           = $User.Department
        }
    }
}
$Report | Export-Csv -Path $ExportPath -NoTypeInformation
Write-Host "Direct reports exported to $ExportPath"

What this script does

This script retrieves a manager’s direct reports, enriches each result with user details, and exports the output to a CSV file.

Why this example is useful

This is useful for HR validation, manager reviews, org chart documentation, access reviews, and checking whether reporting relationships are correctly configured in Microsoft Entra ID.

Cmdlet Tips

  • Only direct reports are returned — use recursion to map full org hierarchies.
  • Ensure the manager is assigned using Set-MgUserManagerByRef; otherwise, results may be empty.
  • Combine with Select-Object to extract properties like DisplayName, UserPrincipalName, or JobTitle.
  • Pair with Get-MgUser to enrich results with additional user details if needed.

Use Cases

  • Organizational Hierarchies: Maintain and verify organizational structures by identifying direct reports.
  • Performance Reviews: Generate reports for managers to conduct performance reviews of their direct reports.
  • Compliance: Ensure that reporting structures comply with company policies and industry regulations.
  • Data Integration: Integrate direct reports data into HR systems for enhanced data consistency and reliability.

Frequently Asked Questions

  • Does Get-MgUserDirectReport return indirect reports?

    • No. Get-MgUserDirectReport returns only users who report directly to the specified manager. It does not return second-level or lower-level reports.

  • Can I export a user’s direct reports to CSV?

    • Yes. Store the direct reports in a variable, enrich the data with Get-MgUser, and then pipe the result to Export-Csv.

    
$DirectReports = Get-MgUserDirectReport -UserId "manager@domain.com"
$DirectReports | Export-Csv "C:\Reports\DirectReports.csv" -NoTypeInformation
  • Why does Get-MgUserDirectReport return no users?

    • The most common reason is that no manager relationship is configured for users under that manager. Use Get-MgUserManager to verify manager assignment or Set-MgUserManagerByRef to configure it.

  • Can I use a user principal name with Get-MgUserDirectReport?

    • Yes. The -UserId parameter accepts either the user’s object ID or user principal name.

    Get-MgUserDirectReport -UserId "manager@domain.com"
  • What permission is required to retrieve direct reports?

    • The least required delegated permission is usually User.Read.All.

    Connect-MgGraph -Scopes "User.Read.All"

Possible Errors & Solutions

Error Message Solution
User not found Verify that the UserId is correct and that the user exists in the directory. You can use the Get-MgUser cmdlet to confirm the user details:
Get-MgUser -UserId "samadmin@7xh7fj.onmicrosoft.com"
Error: "Insufficient privileges" Ensure that your account has the necessary permissions to retrieve user data. You might need to be a Global Administrator or User Administrator or have appropriate directory roles assigned.
📌 Output Includes Only Direct Reports

The Get-MgUserDirectReport cmdlet fetches only direct reports, not the entire reporting hierarchy.

To retrieve indirect reports (entire org chart), you’ll need to loop through each user’s direct reports recursively using their object IDs.
🛠 Manager Must Be Set in Azure AD

If Get-MgUserDirectReport returns no results, it may be because the user's manager is not assigned in Azure AD.

Use Get-MgUserManager to check the current manager or Set-MgUserManagerByRef to assign one.

Conclusion

The Get-MgUserDirectReport cmdlet is an essential tool for administrators managing organizational hierarchies within Microsoft 365. By leveraging this cmdlet, you can efficiently retrieve and manage direct report information, ensuring better oversight and compliance. Whether generating reports or integrating data, this cmdlet offers the flexibility and power needed for robust user management.

Related Articles:

Using Get-MgDirectoryRole in Graph PowerShell
Using Get-MgUserLicenseDetail in Graph PowerShell
Using Find-GraphMgCommand in Graph PowerShell
Connect to Microsoft 365 Using PowerShell
How to Create Bulk Users in Office 365 Using Graph PowerShell?
Create Microsoft 365 Group Using Microsoft Graph PowerShell
Block Microsoft 365 User Using Microsoft Graph PowerShell
Assign Microsoft 365 License Using Graph PowerShell
Microsoft 365 User Management Using Graph PowerShell
Checking Group Membership in Microsoft 365
Bulk Assign Microsoft 365 License
Find Inactive Users in Microsoft 365
Using Powershell Graph Search Query
Using Powershell Graph Filter Query
Using Where-Object In Graph PowerShell
Using Expand Property In Graph PowerShell
Using Select Object In Graph PowerShell
Using -Contains Operator In Graph PowerShell
Add User to Multiple Microsoft 365 Groups Using Graph PowerShell
Get Microsoft 365 User Location Using Graph PowerShell
Import Microsoft 365 Groups from CSV File Using Graph PowerShell
Microsoft 365 Group User Import Using Graph PowerShell