Set User’s Manager in Active Directory with Orchestrator

This runbook is inspired by Anders’ manager runbook, which he includes in his Password Reset runbook, found here: http://contoso.se/blog/?p=3085. Unfortunately, in the environment I implemented this in, almost none of our managers actually had “manager” in their title, so his runbook would not work in its current configuration. In fact, there was no unified keyword for any manager in Active Directory. The solution, however, was to get an export from the HR department which had the users and their managers next to them. After filtering out the extraneous information down to just the user and their manager, I had something I could work with. I then converted it from Excel to CSV.

The format of the CSV we take into Orchestrator:

user SamAccountName, manager SamAccountName

The runbook is fairly simple: 

We’ll skip Initialize Data and move straight to the Read Lines activity, because there is nothing in Initialize Data.

Pretty simple: tell it where the file is and how many lines you want it to read.

Next we’ll get the users in Active Directory. I set a filter for Disabled Equals False; no point in grabbing disabled accounts, right?

Then we add a filter of Sam Account Name equals line text from Read Lines. This is where we parse the CSV.

This string entered tells Orchestrator to get the text in the first field of the CSV.

Now that we have our users, we need to do the same for the managers. Again I set a filter for Disabled Equals False.

And tell Orchestrator to get the second field from the CSV.

Here is where the magic happens. We get the Update User activity and input the Distinguished name for both the user and the manager.


And then I added a filter for failures and appended those users with the error message to a file.


Pretty simple, but it definitely helps clean up even more than just AD, as Exchange, Service Manager, and Microsoft Lync (soon to be Skype for Business) all use this field to show managers and their reports.

This runbook is provided as an example and is not production ready; please test in your own environment. The runbook is provided as is and without warranty.
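The runbook flow above, expressed as a PowerShell script using the ActiveDirectory module. This is an added example, not the author's runbook or part of the download; the file paths, the `Resolve-EnabledUser` helper, the allowed-character pattern, and the self-manager check are assumptions. It treats the HR export as untrusted input and supports `-WhatIf` for a dry run.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CsvPath  = 'C:\Temp\managers.csv',        # assumed path
    [string]$ErrorLog = 'C:\Temp\manager-errors.txt'   # assumed path
)

# Hypothetical helper: resolve exactly one enabled account by sAMAccountName.
function Resolve-EnabledUser {
    param([string]$Sam)
    $Sam = "$Sam".Trim()
    # Assumed naming convention. Restricting the character set keeps CSV
    # content (quotes, parentheses) from changing the meaning of the filter.
    if ($Sam -notmatch '^[A-Za-z0-9._-]{1,20}$') { throw "Rejected sAMAccountName '$Sam'" }
    $found = @(Get-ADUser -Filter "SamAccountName -eq '$Sam' -and Enabled -eq `$true")
    if ($found.Count -ne 1) { throw "Expected 1 enabled account for '$Sam', found $($found.Count)" }
    $found[0]
}

# Two columns, no header row: user SamAccountName, manager SamAccountName.
Import-Csv -Path $CsvPath -Header User, Manager | ForEach-Object {
    $row = $_
    try {
        $user    = Resolve-EnabledUser $row.User
        $manager = Resolve-EnabledUser $row.Manager
        # Added sanity check: a row that maps a user to themselves is bad data.
        if ($user.DistinguishedName -eq $manager.DistinguishedName) {
            throw 'User and manager are the same account'
        }
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set manager to $($manager.DistinguishedName)")) {
            Set-ADUser -Identity $user.DistinguishedName -Manager $manager.DistinguishedName -ErrorAction Stop
        }
    }
    catch {
        # Mirrors the runbook's failure branch: append the row and error to a file.
        "{0},{1},{2}" -f $row.User, $row.Manager, $_.Exception.Message | Add-Content -Path $ErrorLog
    }
}
```

Because the manager attribute feeds Exchange, Service Manager and Lync as noted above, review the `-WhatIf` output and the error file before running it for real, and keep the HR export somewhere only the automation account can write to.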

The runbook can be downloaded from here

Hi, I’m Billy York.  I’m a Cloud and Datacenter Engineer, specializing in monitoring and automation. Here you’ll find posts about System Center Operations Manager, Powershell, Hyper-V, Azure Automation, Azure Log Analytics and other Microsoft related technologies.