cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
BryonScruggs
Regular Visitor

Retrieve user profile, manager, and direct reports for all members in Active Directory

I have a task which I'm unable to figure out. I need to create a file listing the name, title, supervisor and direct reports for all employees. I've tried various configurations of Power Automate but nothing works. Can anyone point me in the right direction?

 

BryonScruggs_0-1637690555208.png

 

4 REPLIES 4
barret
Resolver II
Resolver II

Can you elaborate more on what you mean by "nothing works" and what you've tried? The sample image you include in your post does have a couple of issues. First, you're using the Office 365 connector, not the Azure Active Directory connector. The O365 connector will only return users with O365 licenses, which may be fine if you know that all users have an O365 license assigned. Just pointing out it's not technically AAD.

 

Second, the results in either case will be limited to what the user connecting to AAD has rights to see. If the user  flow doesn't have rights to see everything, your results will be incomplete.

 

Third, the connector is limited to a maximum of 1000 results for each call (set in the config of the action) for the O365 connector. I think the AAD connector is similar, but I don't recall off hand. If your domain has more users than that, you will have to make use of the links returned in the results to get the next page of results and on through each page until there aren't more.

 

The next issue you're going to hit is that you're making a call to get the users, then 3 separate calls for each user to get their profile, their manager, and then their reports. This will be extremely slow. If you have a lot of users (i.e. several hundred or thousands), it will take hours to run. And it's possible you'll hit against rate limits on calls to the AAD API, which limits the number of calls per minute you can make to the AAD endpoint. So you'll have to include logic to watch for throttled error messages and have a timed retry.

 

It definitely can be done, as I have written a flow to do almost exactly this for a client. My flow didn't retrieve direct reports, but otherwise was the same. I'd share it if I was allowed, but it was proprietary work for them. I'm just saying it's likely going to end up being far more complicated than the start you have above by the time you account for everything.

BryonScruggs
Regular Visitor

Hi Barret, 

 

Thanks for taking the time for this thorough reply. I'm new with Power Automate, so take the phrase "nothing works" as synonymous with "I've spent a day and a half on this to no avail". I posted the flow that seemed to come closest to working, but didn't bother taking screen shots of the numerous previous attempts. 

 

My goal is a file showing each employee, their boss, their title, and any directs. There seem to be several ways of doing this, SQL through SSMS and PowerShell for starters. When I tried using these I immediately ran into permission errors for basic connectivity (yes, I'm leaving out a LOT of detail here 🙂 ). I'm hoping to use Power  Automate simply because the it allows me to access AD without having to figure out linked servers, PowerShell scripts, etc. 

 

Thanks for confirming what I want to do is possible! That's often half the battle, 

 

- Bryon

Yeah, it's definitely possible. I think the one I developed took me something on the order of 50-60 total hours of trial and error, coding, debugging, and testing before it was in good shape.  

VJR
Super User
Super User

Hi @BryonScruggs 

 

Can you check one step at a time what is your output.

 

- I used the email address of the user I want to search for in the "UPN" parameter below.

Make sure you have the right connection of your organization as seen on the right hand side. 

For the list of available search fields check here.

 

VJR_1-1637814332673.png

 

 

 

- After running the above it gives me a list of details for that user as below.

Expand the Get user profile and check the Outputs section.

 

VJR_2-1637814515840.png

 

If you have passed asking for some details and if they are not returned then it could also mean that they are not stored in the AAD (Azure Active Directory) at your organization.

 

Do this simple check and see if you get the details.

Then you can try out other things like Get Manager and Direct reports.

Helpful resources

Announcements
MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Microsoft Build 768x460.png

Microsoft Build is May 24-26. Have you registered yet?

Come together to explore latest innovations in code and application development—and gain insights from experts from around the world.

May UG Leader Call Carousel 768x460.png

What difference can a User Group make for you?

At the monthly call, connect with other leaders and find out how community makes your experience even better.

PA Survey Carousel Image.png

We want to hear from you!

If you are a small business ISV/Reseller, share your thoughts with our research team.

Top Solution Authors
Top Kudoed Authors
Users online (1,135)