If you want a quick Org Chart extract from Active Directory, you have come to right place. I wrote a script just for that. Obviously the requirement for this script are
- “manager” field in every user properties has to be populated
- Active Directory Module for Windows PowerShell has to be installed on your computer
Download below or copy/paste the script in to Notepad and save it as OrgChart.PS1. Open PowerShell go to the saved location and type ./OrgChart.ps1 <VP’s UserName>.
You may pass distinguished name of the VP’s account instead of Username. If you put your CEO’s username, you have got the whole company’s org chart. Enjoy.
Download it HERE or copy/paste it from below.
#------------------------------------------------------------------------------------------
# Function: IsAccountDisabled
# Purpose: Gets state of the Active Directory User Account (True for disabled, false for
# active)
# Parameters: <distinguishedName>
#------------------------------------------------------------------------------------------
Function IsAccountDisabled($UserDN)
{
#Form the LDAP URL Path
$LDAPPath = "LDAP://$UserDN"
#Get the ADSI object of the LDAP path
$UserObject = [ADSI] "$LDAPPath"
#Get and return Account Disabled binary value (true or false)
return $UserObject.PsBase.InvokeGet("AccountDisabled")
}
#------------------------------------------------------------------------------------------
# Function: Get-DirectReports
# Purpose: Get the direct reports employees list. If the direct report has other
# direct reports, call this function recursily to display the direct reports.
# Parameters: <User Name> or <distinguishedName>
#------------------------------------------------------------------------------------------
function get-directreports
{
Param($user)
#Increase the level of organization structure by one
#Every time this function (get-directreports) called, it is processing
#employees from an Manager
$level++
#Get the User object
$userdetails = Get-ADUser $user -Properties directReports,distinguishedName
#Check the account disabled or not
$AccountStatus = IsAccountDisabled($userdetails.distinguishedName)
if ( $AccountStatus )
{
#Yes the account disabled..no need to process.
#skipping
}
else
{
#Processing working employee (possibly an Manager)
#Process through all direct reports of processing employee user object
foreach( $directreport in $userdetails.directReports )
{
#Check the currenly processing object is Contact or not
$adobject = get-AdObject $directreport
If ($adobject.ObjectClass -eq "contact")
{
#this current object is a contact..do nothing.
}
else
{
#if we are in this for loop, there is/are some direct reports for
#the processing user object
#Store the employee level and name to the file
"$Script:Count. " + ("`t" * $level) + (Get-ADUser $directreport).name `
| Out-File -FilePath .\OrgUsers.txt -Append
#Display the employee organization level and name to the screen
("¦¦¦¦" * $level) + (Get-ADUser $directreport).name
#Count the global employee count in this organization structure
$Script:Count++
#Check the each directreport employee has other directreports
$drdetails = get-aduser $directreport -Properties directReports
if ($drdetails.directReports -eq $null)
{
#No direct reports for this employee...Do Nothing
}
else
{
#There are some direct reports, so call get-directreports function (itself)
#to process the direct reports
get-directreports $drdetails.distinguishedName
}
}
}
}
#Decrease the level of organization structure by one
#Every time this function quits, we are going to up in the organization structure
$level--
}
#------------------------------------------------------------------------------------------
# Name: CrawlAD.ps1
# Purpose: Get all employees working under a speific VP
# Parameters: Distinguished Name of the employee (VP or Director or Manager)
#
# Written by: Anand Venkatachalapathy
# Written Date: May 16th 2012
#------------------------------------------------------------------------------------------
#Turning off the errors and warnings.
#I am expecting some warning on contact objects in AD and other disabled accounts.
$ErrorActionPreference = "SilentlyContinue"
#Import Active Directory Module
Import-Module ActiveDirectory
#Set the organization level to 0 mean Top of the structure.
$level = 0
#Get the passed distinguished name of the employee and assign to the vairable
$DNofVP = $args[0]
#Set the employee count to 1 of this organization
$Script:Count=1
#write to file and Display the employee number 1 of this organization
"$Script:Count. " + (Get-ADUser $DNofVP).name | Out-File -FilePath .\OrgUsers.txt
(Get-ADUser $DNofVP).name
#Increase the employee count by 1 of this organization (before calling get-directreports
#function)
$Script:Count++
#Call the function to process the direct reports
Get-directreports $DNofVP
#Turn on displaying errors and warnings
$ErrorActionPreference = "Continue"
#--------------------------- End of Script ----------------------------------------
Anand, the Architect 
Thank you. It works for me. I’m not a programmer. Any chance that you could update it to include the employee job title after the name?
I have modified the script to add title in the results. You can download it again and run it.
First I will say right up front. A programmer I am NOT!
Trying to run this on a perhaps large domain – not sure what to expect when running the script. I get Loading Active Directory module for Windows Powershell with default drive ‘AD:’ on the next line [0000000 a row of “0”‘s then it goes away and back to the prompt.
I am not certain if anything is working? Where the data might be saved after the fact. I am opening Powershell from the Start/Programs menu and moving the script from my desktop to the terminal window and then typing the top user of the domain structure as suggested to hopefully populate a full Org Chart.
Hi Anand,
First of all, thank you very much for your useful tips, they are quite handy.. 🙂
But after editing some commands to meet my task, I really messed up my code. I want to:
1. Get users from on OU (in AD) with their “line manager” who is one positions higher and Export to CSV file.
2. Also, i want to add another column in CSV where the top manager will be displayed (one position lower than the Managing Director in the organization). Can you help me out with that?
Thank you in advance!
Hi Anand,
First of all, thank you very much for your useful tips, they are quite handy.. 🙂
But after editing some commands to meet my task, I really messed up my code. I want to:
1. Get users from on OU (in AD) with their “line manager” who is one positions higher and Export to CSV file.
2. Also, i want to add another column in CSV where the top manager will be displayed (one position lower than the Managing Director in the organization). Can you help me out with that?
Thank you in advance!
(edit)
I have worked alot with Exchange and Powershell charts to display nice charts.http://gallery.technet.microsoft.com/Get-CorpEmailReport-8d708025
Hi Anand, great script, only drawback is that it doesn’t crawl the entire forest (we have 5 subdomains). If that’s a quick update for you, that would be great. I’m making the updates myself, which means updating all of the get-aduser commands to include -server, -searchbase, -searchscope options that point it to a GC, define the forest root and then perform a subtree search, but it’s taking me some time to get it all correctly formatted.
Hope you’re still monitoring the replies..
Thanks!
This would be awesome(r) if it could include Company, Department, Job Title creating a quick more accurate Org Structure which would probably be cleaner that actual AD structure might show.
Great Script , however I am getting names of people in O/P who have been disabled too ..
any help is appreciated.
Prabir
When I view the output from the script I can see everyone but the 1 one position. My results display from line 2 on wards, no line 1