cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
BryonScruggs
New Member

Retrieve user profile, manager, and direct reports for all members in Active Directory

I have a task which I'm unable to figure out. I need to create a file listing the name, title, supervisor and direct reports for all employees. I've tried various configurations of Power Automate but nothing works. Can anyone point me in the right direction?

 

BryonScruggs_0-1637690555208.png

 

4 REPLIES 4
barret
Advocate IV
Advocate IV

Can you elaborate more on what you mean by "nothing works" and what you've tried? The sample image you include in your post does have a couple of issues. First, you're using the Office 365 connector, not the Azure Active Directory connector. The O365 connector will only return users with O365 licenses, which may be fine if you know that all users have an O365 license assigned. Just pointing out it's not technically AAD.

 

Second, the results in either case will be limited to what the user connecting to AAD has rights to see. If the user  flow doesn't have rights to see everything, your results will be incomplete.

 

Third, the connector is limited to a maximum of 1000 results for each call (set in the config of the action) for the O365 connector. I think the AAD connector is similar, but I don't recall off hand. If your domain has more users than that, you will have to make use of the links returned in the results to get the next page of results and on through each page until there aren't more.

 

The next issue you're going to hit is that you're making a call to get the users, then 3 separate calls for each user to get their profile, their manager, and then their reports. This will be extremely slow. If you have a lot of users (i.e. several hundred or thousands), it will take hours to run. And it's possible you'll hit against rate limits on calls to the AAD API, which limits the number of calls per minute you can make to the AAD endpoint. So you'll have to include logic to watch for throttled error messages and have a timed retry.

 

It definitely can be done, as I have written a flow to do almost exactly this for a client. My flow didn't retrieve direct reports, but otherwise was the same. I'd share it if I was allowed, but it was proprietary work for them. I'm just saying it's likely going to end up being far more complicated than the start you have above by the time you account for everything.

BryonScruggs
New Member

Hi Barret, 

 

Thanks for taking the time for this thorough reply. I'm new with Power Automate, so take the phrase "nothing works" as synonymous with "I've spent a day and a half on this to no avail". I posted the flow that seemed to come closest to working, but didn't bother taking screen shots of the numerous previous attempts. 

 

My goal is a file showing each employee, their boss, their title, and any directs. There seem to be several ways of doing this, SQL through SSMS and PowerShell for starters. When I tried using these I immediately ran into permission errors for basic connectivity (yes, I'm leaving out a LOT of detail here 🙂 ). I'm hoping to use Power  Automate simply because the it allows me to access AD without having to figure out linked servers, PowerShell scripts, etc. 

 

Thanks for confirming what I want to do is possible! That's often half the battle, 

 

- Bryon

Yeah, it's definitely possible. I think the one I developed took me something on the order of 50-60 total hours of trial and error, coding, debugging, and testing before it was in good shape.  

VJR
Solution Sage
Solution Sage

Hi @BryonScruggs 

 

Can you check one step at a time what is your output.

 

- I used the email address of the user I want to search for in the "UPN" parameter below.

Make sure you have the right connection of your organization as seen on the right hand side. 

For the list of available search fields check here.

 

VJR_1-1637814332673.png

 

 

 

- After running the above it gives me a list of details for that user as below.

Expand the Get user profile and check the Outputs section.

 

VJR_2-1637814515840.png

 

If you have passed asking for some details and if they are not returned then it could also mean that they are not stored in the AAD (Azure Active Directory) at your organization.

 

Do this simple check and see if you get the details.

Then you can try out other things like Get Manager and Direct reports.

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Solution Authors
Top Kudoed Authors
Users online (2,782)