
Group of all reports (direct & indirect)

So as not to re-invent the wheel, does anyone have a script/policy/workflow/dynamic or family group that can automatically create groups (security or distro) with the Manager's name in it and the members are their direct AND indirect reports? Basically, an org chart of all managers on a per manager group basis.

  • Hello Gary

    Because of the potential number of user and group objects in process, this task is best performed with a script running outside Active Roles, using native calls to a domain controller. However, it can be done inside Active Roles with a single, relatively straightforward workflow; a few lines of PowerShell; a managed unit and three new OUs. Despite the fact that a workflow is much slower and consumes precious Active Roles resources, it is often preferred because it is much easier to understand than a 'behind the scenes' script.

    Group Family could be used for one of the sub-processes, but I wouldn't recommend it because: Group Families are not very good at setting unique display names for manager-based groups; Group Families cannot work with indirect reports; and (by design) Group Families do not delete redundant groups.

    Dynamic Groups created on the fly by scripts can also be used, but are not recommended because of object volumes (for example, a company the size of IBM would have a CEO's dynamic group containing 414,000 members).

    I do not have a laptop with me this week, so the following is from memory. If you would like the workflow and script, please let me know and I can send next week.


    The workflow will create 3 distribution lists for each line manager: a "Direct Reports" DL which holds only the line manager and her/his direct reports as members; an "All Reports" DL which has a membership of the Direct Reports DLs and the All-Reports DLs of all the line manager's direct reports; and an "Enterprise Reports" DL which holds all of the direct and indirect reports of the line manager. Only the Direct Reports and Enterprise Reports distribution lists need to be mail enabled.

    The workflow also deletes distribution lists if the line manager is deleted or if s/he no longer has any direct reports.

    It is worth remembering that if a mid-level manager is deleted then her/his direct reports must be reassigned to a new line manager or a "dummy" line manager ;-) otherwise the top level managers' distribution lists will not be accurate.


    Rgds - Martyn
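
The three memberships described in the reply above can be modelled offline as follows; this is an added example, not Martyn's workflow or script and not code from the thread. It assumes a constructed user-to-manager table in place of the AD `manager` attribute, a hypothetical "<manager> - <list>" naming pattern, and one reading of the "All Reports" nesting (the manager's own Direct Reports DL plus the All Reports DL of each direct report who also manages people). It also guards against manager loops and lists users whose manager no longer exists, the case the reply warns about.

```powershell
# Constructed sample data: user -> manager, standing in for the AD 'manager' attribute.
$ManagerOf = @{
    alice = $null; bob = 'alice'; carol = 'alice'
    dave  = 'bob'; erin = 'bob';  frank = 'dave'
    gina  = 'zed'                  # 'zed' was deleted and gina was never reassigned
}

# Invert the map: manager -> direct reports (what the 'directReports' back-link holds).
$DirectReports = @{}
foreach ($user in $ManagerOf.Keys) {
    $mgr = $ManagerOf[$user]
    if (-not $mgr) { continue }
    if (-not $DirectReports.ContainsKey($mgr)) { $DirectReports[$mgr] = @() }
    $DirectReports[$mgr] += $user
}

function Get-EnterpriseReports {
    param([string]$Manager, [hashtable]$Map)
    # Breadth-first walk with a visited set, so a manager loop (A -> B -> A) terminates.
    $seen  = New-Object 'System.Collections.Generic.HashSet[string]'
    $queue = New-Object 'System.Collections.Generic.Queue[string]'
    $queue.Enqueue($Manager)
    while ($queue.Count -gt 0) {
        $current = $queue.Dequeue()
        foreach ($r in @($Map[$current])) {
            if ($r -and $r -ne $Manager -and $seen.Add($r)) { $queue.Enqueue($r) }
        }
    }
    return @($seen | Sort-Object)
}

# Build lists only for managers who still exist and have at least one direct report.
$managers = $DirectReports.Keys | Where-Object { $ManagerOf.ContainsKey($_) } | Sort-Object
$groups = foreach ($mgr in $managers) {
    $direct = @($DirectReports[$mgr] | Sort-Object)
    $nested = @("$mgr - Direct Reports") +
              @($direct | Where-Object { $DirectReports.ContainsKey($_) } |
                ForEach-Object { "$_ - All Reports" })
    [pscustomobject]@{
        Manager           = $mgr
        DirectReports     = @($mgr) + $direct      # manager plus direct reports
        AllReportsNested  = $nested                # DLs nested as members (assumed reading)
        EnterpriseReports = Get-EnterpriseReports -Manager $mgr -Map $DirectReports
    }
}

# Users whose manager no longer exists drop out of every list above them.
$orphans = @($ManagerOf.Keys |
    Where-Object { $ManagerOf[$_] -and -not $ManagerOf.ContainsKey($ManagerOf[$_]) })

$groups | Format-List
"Orphaned (manager missing): $($orphans -join ', ')"
```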