If you want a quick Org Chart extract from Active Directory, you have come to the right place. I wrote a script just for that. Obviously the requirements for this script are:
- “manager” field in every user properties has to be populated
- Active Directory Module for Windows PowerShell has to be installed on your computer
Download below or copy/paste the script into Notepad and save it as OrgChart.ps1. Open PowerShell, go to the saved location, and type ./OrgChart.ps1 <VP’s UserName>.
You may pass the distinguished name of the VP’s account instead of the username. If you pass your CEO’s username, you get the whole company’s org chart. Enjoy.
Download it HERE or copy/paste it from below.
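#------------------------------------------------------------------------------------------
# Function: IsAccountDisabled
# Purpose: Reports whether an Active Directory user account is disabled.
# Parameters: <distinguishedName> of the user object
# Returns: $true when the account is disabled, $false when it is active.
#          $false is also returned (with a warning) when the state cannot be
#          read, so a failed lookup is visible instead of passing as "active".
#------------------------------------------------------------------------------------------
Function IsAccountDisabled($UserDN)
{
    #Nothing to look up without a distinguished name
    if ([string]::IsNullOrEmpty($UserDN))
    {
        Write-Warning "IsAccountDisabled: no distinguished name supplied; treating the account as enabled."
        return $false
    }

    try
    {
        #Form the LDAP URL path. A forward slash is a separator in an ADSI path,
        #so a "/" inside the DN has to be escaped unless it already is.
        $LDAPPath = "LDAP://" + ($UserDN -replace '(?<!\\)/', '\/')

        #Get the ADSI object of the LDAP path
        $UserObject = [ADSI] $LDAPPath

        #Get and return the AccountDisabled value (true or false)
        return $UserObject.PsBase.InvokeGet("AccountDisabled")
    }
    catch
    {
        #The caller treats an empty result as "not disabled"; say so explicitly
        #rather than failing open without a trace.
        Write-Warning "IsAccountDisabled: could not read the account state of '$UserDN'; treating it as enabled. $($_.Exception.Message)"
        return $false
    }
}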
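#------------------------------------------------------------------------------------------
# Function: Get-DirectReports
# Purpose: Lists the direct reports of a user. When a direct report has direct
#          reports of its own, the function calls itself to list those too.
# Parameters: <User Name> or <distinguishedName>
#             $Visited - optional; hashtable of distinguished names already
#             expanded. Callers normally omit it; the recursion passes it on so
#             a circular manager relationship cannot recurse forever.
# Globals: $level (read from the caller's scope), $Script:Count (read and written)
# Outputs: appends one line per listed employee to .\OrgUsers.txt and writes the
#          same employee to the pipeline.
# Notes: The disabled check is made on the user being expanded. A disabled direct
#        report is therefore still listed; only its own reports are skipped.
#        An account whose state check yields no value is expanded like an
#        enabled one.
#------------------------------------------------------------------------------------------
function get-directreports
{
    Param($user, $Visited = @{})

    #One level deeper than the caller. The assignment creates a copy local to
    #this call, so nothing has to be decremented on the way out.
    $level = $level + 1

    #Get the User object
    $userdetails = Get-ADUser $user -Properties directReports,distinguishedName
    if ($null -eq $userdetails)
    {
        #Errors are silenced by the calling script, so report the gap here;
        #otherwise this branch of the chart would be missing without a trace.
        Write-Warning "get-directreports: could not look up '$user'; its reports are not listed."
        return
    }

    #Never expand the same account twice
    $managerDN = $userdetails.distinguishedName
    if ($Visited.ContainsKey($managerDN))
    {
        return
    }
    $Visited[$managerDN] = $true

    #A disabled account is not expanded
    if (IsAccountDisabled $managerDN)
    {
        return
    }

    #Process all direct reports of this (possibly manager) account
    foreach ($directreport in $userdetails.directReports)
    {
        if (-not $directreport)
        {
            continue
        }

        #A report that was already expanded higher up means the manager
        #attributes form a loop; listing it again would never terminate.
        if ($Visited.ContainsKey($directreport))
        {
            Write-Warning "get-directreports: circular manager relationship at '$directreport'; skipped."
            continue
        }

        #Contacts are not part of the chart
        $adobject = Get-ADObject $directreport
        if ($adobject.ObjectClass -eq "contact")
        {
            continue
        }

        #One lookup supplies both the name and the direct reports
        $reportUser = Get-ADUser $directreport -Properties directReports
        $reportName = $reportUser.name

        #Store the employee level and name to the file
        "$Script:Count. " + ("`t" * $level) + $reportName `
            | Out-File -FilePath .\OrgUsers.txt -Append

        #Display the employee organization level and name to the screen
        ("¦¦¦¦" * $level) + $reportName

        #Count the global employee count in this organization structure
        $Script:Count++

        #Recurse only when this employee has direct reports of its own
        if ($reportUser -and $reportUser.directReports)
        {
            get-directreports $reportUser.distinguishedName $Visited
        }
    }
}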
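#------------------------------------------------------------------------------------------
# Name: CrawlAD.ps1
# Purpose: Get all employees working under a specific VP
# Parameters: User name or distinguished name of the employee (VP or Director or Manager)
# Output: .\OrgUsers.txt in the current location, overwritten on every run.
#         The file holds employee names and reporting lines taken from the
#         directory, so keep it where only the intended readers can reach it.
#
# Written by: Anand Venkatachalapathy
# Written Date: May 16th 2012
#------------------------------------------------------------------------------------------
#Turning off the errors and warnings.
#I am expecting some warnings on contact objects in AD and other disabled accounts.
#The previous setting is remembered so it can be put back exactly as it was.
$previousErrorActionPreference = $ErrorActionPreference
$ErrorActionPreference = "SilentlyContinue"
try
{
    #Import Active Directory Module
    Import-Module ActiveDirectory

    #Set the organization level to 0, meaning top of the structure.
    $level = 0

    #Get the passed user name or distinguished name of the employee
    $DNofVP = $args[0]
    if (-not $DNofVP)
    {
        Write-Warning "Usage: $($MyInvocation.MyCommand.Name) <UserName or distinguishedName>"
        return
    }

    #Resolve the top of the chart once. With errors silenced, a failed lookup
    #would otherwise overwrite the output file with an empty chart.
    $rootUser = Get-ADUser $DNofVP
    if ($null -eq $rootUser)
    {
        Write-Warning "Could not find '$DNofVP' (or the ActiveDirectory module is not available); nothing was written."
        return
    }

    #Set the employee count to 1 of this organization
    $Script:Count = 1

    #Write to file and display the employee number 1 of this organization
    "$Script:Count. " + $rootUser.name | Out-File -FilePath .\OrgUsers.txt
    $rootUser.name

    #Increase the employee count by 1 (before calling get-directreports)
    $Script:Count++

    #Call the function to process the direct reports
    Get-directreports $DNofVP
}
finally
{
    #Put the error preference back, also when the run stops early
    $ErrorActionPreference = $previousErrorActionPreference
}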
#--------------------------- End of Script ----------------------------------------