This script transfers all direct reports of users it is executed on to their assistant specified in the Assistant attribute. To be able to execute the script on a user account whose direct reports you want to transfer, you need to create a custom command that runs the script.
To be able to reverse the changes in the future, the script also saves the manager's GUID in Adaxes custom attribute CustomAttributeBinary1 of each processed subordinate. Thus, you can use the script to transfer subordinates on a temporary basis when the permanent manager goes on sick leave, for example.
# Get subordinates
try
{
$subordinateDNs = $Context.TargetObject.GetEx("directReports")
}
catch
{
$Context.LogMessage("The user has no subordinates", "Information")
return
}
# Update the manager for subordinates
$currentManagerGuidByte = $Context.TargetObject.Get("objectGuid")
foreach ($subordinateDN in $subordinateDNs)
{
$subordinate = $Context.BindToObjectByDN($subordinateDN)
# Save former manager GUID in CustomAttributeBinary1
$subordinate.Put("adm-CustomAttributeBinary1", $currentManagerGuidByte)
# Update manager
$subordinate.Put("manager", "%assistant%")
# Save changes
$subordinate.SetInfo()
}
This script will undo the changes made by the previous script and return subordinates transferred on a temporary basis back to the original manager. When run on a user account, it will find all users who are currently managed by the user's assistant, and those of them who have the target user's GUID specified in the CustomAttributeBinary1 attribute will be assigned as direct reports of the target user.
# Get current manager
try
{
$currentManagerDN = $Context.TargetObject.Get("assistant")
}
catch
{
$Context.LogMessage("No replacement manager specified for this user", "Information") # TODO: modify me
return
}
# Bind to the current manager
$currentManager = $Context.BindToObjectByDN($currentManagerDN)
# Get subordinates
try
{
$subordinateDNs = $currentManager.GetEx("directReports")
}
catch
{
$Context.LogMessage("User '" + $currentManager.Get("name") + "' has no subordinates at the moment", "Information") # TODO: modify me
return
}
$targetUserGuidBytes = $Context.TargetObject.Get("objectGuid")
$targetUserGuid = New-Object "System.Guid" (,$targetUserGuidBytes)
foreach ($subordinateDN in $subordinateDNs)
{
$subordinate = $Context.BindToObjectByDN($subordinateDN)
# Get former manager GUID
try
{
$formerManagerGuidBytes = $subordinate.Get("adm-CustomAttributeBinary1")
}
catch
{
continue # The user has always been managed by the assistant
}
$formerManagerGuid = New-Object "System.Guid" (,$formerManagerGuidBytes)
if (!($targetUserGuid.Equals($formerManagerGuid)))
{
continue # The user used to be managed by another manager before
}
# Clear custom attribute
$subordinate.Put("adm-CustomAttributeBinary1", $NULL)
# Assign target user as manager
$subordinate.Put("manager", "%distinguishedName%")
# Save changes
$subordinate.SetInfo()
}