Using Get-MgUserDirectReport in Graph PowerShell

The Get-MgUserDirectReport cmdlet is a powerful tool within the Microsoft Graph PowerShell module that allows administrators to retrieve a list of users who report directly to a specified user. This cmdlet can be instrumental in managing organizational hierarchies, generating reports, and ensuring compliance with company policies.

In this article, we will delve into the syntax, usage examples, common use cases, and potential errors along with their solutions.

Cmdlet Syntax

The basic syntax for the Get-MgUserDirectReport cmdlet is as follows:

Get-MgUserDirectReport -UserId <String> [-ExpandProperty <String[]>] [-Property <String[]>] [<CommonParameters>]

• -UserId: Specifies the ID or user principal name of the user.
• -ExpandProperty: Expands related entities inline.
• -Property: Specifies which properties of the retrieved objects should be returned.

Least permission required: User.Read.All

Usage Examples

Example 1: Retrieve Direct Reports of a Specific User

Get-MgUserDirectReport -UserId "samadmin@7xh7fj.onmicrosoft.com"

This command retrieves a list of users who report directly to Sam Admin.

Example 2: Retrieve Full User Details for Each Direct Report

# Retrieve the direct reports of the user
$directReports = Get-MgUserDirectReport -UserId "samadmin@7xh7fj.onmicrosoft.com"

# Check if any direct reports are returned
if ($directReports.Count -gt 0) {
    # Loop through each direct report and retrieve full user details
    $directReports | ForEach-Object {
        $userId = $_.Id
        $user = Get-MgUser -UserId $userId
        [PSCustomObject]@{
            DisplayName = $user.DisplayName
            JobTitle    = $user.JobTitle
        }
    } | Format-Table -AutoSize
} else {
    Write-Host "No direct reports found for the specified user."

This command fetches the direct reports of Sam Admin, retrieves the full user details for each direct report, and displays the DisplayName, JobTitle properties.

Cmdlet Tips

• Only direct reports are returned — use recursion to map full org hierarchies.
• Ensure the manager is assigned using Set-MgUserManagerByRef; otherwise, results may be empty.
• Combine with Select-Object to extract properties like DisplayName, UserPrincipalName, or JobTitle.
• Pair with Get-MgUser to enrich results with additional user details if needed.

Use Cases

• Organizational Hierarchies: Maintain and verify organizational structures by identifying direct reports.
• Performance Reviews: Generate reports for managers to conduct performance reviews of their direct reports.
• Compliance: Ensure that reporting structures comply with company policies and industry regulations.
• Data Integration: Integrate direct reports data into HR systems for enhanced data consistency and reliability.

Possible Errors & Solutions

Get-MgUser -UserId "samadmin@7xh7fj.onmicrosoft.com"

Conclusion

The Get-MgUserDirectReport cmdlet is an essential tool for administrators managing organizational hierarchies within Microsoft 365. By leveraging this cmdlet, you can efficiently retrieve and manage direct report information, ensuring better oversight and compliance. Whether generating reports or integrating data, this cmdlet offers the flexibility and power needed for robust user management.

Related Articles: