8,330 questions
What determines the "rank" of a group member?
What determines the "AD management" hierarchy?
Powershell: 1: Query highest ranking member in AD security group.2. Find highest ranking member's AD management hierarchy.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 62%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
PKI John
1
Reputation point
Powershell 5.1
AD module install
I would like to send out some email notifications to the highest-ranking member in an AD security group. I also want to query the AD management hierarchy and send an email notification to their managers.
Thanks,
John
Windows for business | Windows Server | User experience | PowerShell
3 answers
Sort by: Most helpful
-
-
PKI John 1 Reputation point
2022-06-16T20:44:20.36+00:00 The possible ranks are: Engineering Lead, Manager, Director, and Executive Director and they would be populated in the "job title" field in AD for the user.
The AD manager is populated in the Use's AD profile, field: Manager
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Rich Matheisen 47,901 Reputation points2022-06-16T21:47:23.027+00:00 What if the security group contains other security groups? Should they also be examined to determine if a "high ranking" user is a member of those groups? And what if those groups contain users that out-rank an Executive Director?
You can see where this is leading, right? Incomplete specifications lead to inaccurate results.
Sign in to comment -
-
Rich Matheisen 47,901 Reputation points
2022-06-22T02:07:10.807+00:00 I haven't run this, but see if it gives you a way to get the information you want to send the e-mail:
$Rank = @{ "Engineering Lead" = 3 Manager = 2 Director = 1 "Executive Director" = 0 } $Ranking = @{} # will hold all the users with the job titles in $Rank and the their managers $Group = "MyGroup" # must be usable as an "Identity" Get-ADGroupMember -Identity $Group | Where-Object {objectCategory -eq 'user'} | # distinguish between user and computer (both are "user" objectClass) ForEach-Object{ $u = Get-ADUser -Identity $_.distinguishedName if ($Rank.ContainsKey($u.Title)){ # is this user's job title one of interest? if ($Ranking.ContainsKey($Rank.($u.Title))){ # has another user been found with the same ranking? $h = [PSCustomObject]@{ # add whatever properties you want to the PSCustomObject Name = $u.distinguishedName Mgr = $u.manager } $Ranking.($Rank.($u.Title)) += $h # add user's DN and manager } else{ # first title of this rank has been found $h = [PSCustomObject]@{ # add whatever properties you want to the PSCustomObject Name = $u.distinguishedName Mgr = $u.manager } $Ranking.($Rank.($u.Title)) = ,$h # use the "magic comma" to create an array of user/manager DNs } } } $Ranking.Keys | Sort-Object | Select-Object -First 1 | $NamesAndManagers = $Ranking[$_] # a array PSCustomObject user and manager DNs for the highest ranking user(s) in the group # Use $NamesAndManagers to get the managers e-mail address # and send them the mail # Be careful, becasue the highest ranking user may not have a manager!