Closed john-ecom closed 6 years ago
Hi John,
This will depend on a number of things within your Okta org. By default the managerDn isn't mapped to the Okta user profile.
A few ways to go about it.
In Okta Universal Directory (UD) you can extend the user schema to include a custom attribute called managerDn, then in the UD mapping you can map active_directory.managerDn -> user.managerDn. If you do this you could then collect your list of Okta users and the managerDn would be referenced as $u.profile.managerDn.
You can collect the appUser object for each user and display that data. To do this you'd need to know the application id of your Active Directory instance. From the admin console go to Directory -> Directory Integrations -> click on your AD instance. Now note the URL /admin/app/active_directory/instance/{aid}: the 'application id' for your Active Directory is {aid} (should be a 20 char value like 0oaaigwme9UyKdxHE0h7).
Set $aid in the sample below to that ID.
```powershell
$users = oktaListUsers
$toexport = New-Object System.Collections.ArrayList
$aid = "0oaaigwme9UyKdxHE0h7"   # application id of your AD instance
foreach ($u in $users)
{
    if ($u.credentials.provider.type -eq 'ACTIVE_DIRECTORY')
    {
        try
        {
            $appUser = oktaGetAppProfilebyUserId -aid $aid -uid $u.id
            # read managerDn inside the try, so a failed lookup is not
            # overwritten with a stale $appUser from a previous iteration
            $managerDn = $appUser.profile.managerDn
        }
        catch
        {
            $managerDn = "Failure"
        }
    } else {
        $managerDn = "Not an AD User"
    }
    $line = @{
        email     = $u.profile.email
        domain    = $u.credentials.provider.name
        oktaid    = $u.id
        login     = $u.profile.login
        managerDn = $managerDn
    }
    # assign the Add() return value to swallow the index it prints
    $_c = $toexport.Add((New-Object psobject -Property $line))
}
$toexport | Export-Csv -Path c:\temp\export.csv -NoTypeInformation
```
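As an added example (not code from Okta-PSModule or from Matt's reply), here is the same report written so that a failed API call, an AD user whose managerDn is empty in AD, and a non-AD user each get a distinct status rather than sharing one string, and so that no value from an earlier loop iteration can leak into the current row. The lookup is passed in as a scriptblock, so the logic runs offline against constructed sample objects; the object shape (`credentials.provider.type`, `profile.managerDn`, and so on) is assumed to match what the thread shows, and the app id is a placeholder.

```powershell
# Added example: report managerDn per Okta user with distinct failure states.
# Assumes $u.credentials.provider.type/.name, $u.profile.email/.login and
# $appUser.profile.managerDn have the shape shown in the thread above.
function Get-ManagerDnReport {
    param(
        [Parameter(Mandatory)] [object[]]    $Users,
        [Parameter(Mandatory)] [string]      $AppId,
        # Lookup: given ($AppId, $userId), returns the appUser object or throws.
        [Parameter(Mandatory)] [scriptblock] $AppProfileLookup
    )

    $report = New-Object System.Collections.ArrayList
    foreach ($u in $Users) {
        # reset per iteration so a failed lookup never reuses an earlier user's data
        $status    = $null
        $managerDn = $null

        if ($u.credentials.provider.type -ne 'ACTIVE_DIRECTORY') {
            $status = 'Not an AD User'
        } else {
            try {
                $appUser   = & $AppProfileLookup $AppId $u.id
                $managerDn = $appUser.profile.managerDn
                # an empty managerDn is a real value from AD, not an API error
                $status = if ([string]::IsNullOrEmpty($managerDn)) { 'No manager set' } else { 'OK' }
            } catch {
                $status    = 'Lookup failed'
                $managerDn = $null
            }
        }

        $row = [pscustomobject]@{
            email     = $u.profile.email
            domain    = $u.credentials.provider.name
            oktaid    = $u.id
            login     = $u.profile.login
            managerDn = $managerDn
            status    = $status
        }
        [void]$report.Add($row)
    }
    return ,$report
}

# --- Constructed sample input standing in for oktaListUsers / oktaGetAppProfilebyUserId ---
$sampleUsers = @(
    [pscustomobject]@{ id='00u1'; profile=@{email='a@corp.example'; login='a@corp.example'}
                       credentials=@{provider=@{type='ACTIVE_DIRECTORY'; name='corp.example'}} }
    [pscustomobject]@{ id='00u2'; profile=@{email='b@corp.example'; login='b@corp.example'}
                       credentials=@{provider=@{type='ACTIVE_DIRECTORY'; name='corp.example'}} }
    [pscustomobject]@{ id='00u3'; profile=@{email='c@corp.example'; login='c@corp.example'}
                       credentials=@{provider=@{type='ACTIVE_DIRECTORY'; name='corp.example'}} }
    [pscustomobject]@{ id='00u4'; profile=@{email='d@corp.example'; login='d@corp.example'}
                       credentials=@{provider=@{type='OKTA'; name='OKTA'}} }
)
$sampleAppProfiles = @{
    '00u1' = [pscustomobject]@{ profile=@{ managerDn='CN=Boss,OU=Users,DC=corp,DC=example' } }
    '00u2' = [pscustomobject]@{ profile=@{ managerDn='' } }
    # '00u3' intentionally absent: the lookup throws, as a failed API call would
}
$fakeLookup = {
    param($aid, $uid)
    if (-not $sampleAppProfiles.ContainsKey($uid)) { throw "appUser $uid not found in app $aid" }
    $sampleAppProfiles[$uid]
}

$rows = Get-ManagerDnReport -Users $sampleUsers -AppId 'PLACEHOLDER_APP_ID' -AppProfileLookup $fakeLookup
$rows | Format-Table email, managerDn, status -AutoSize
# Against a real org (app id from the admin console URL, as described above):
# Get-ManagerDnReport -Users (oktaListUsers) -AppId $aid `
#     -AppProfileLookup { param($aid, $uid) oktaGetAppProfilebyUserId -aid $aid -uid $uid }
```

With the constructed input, the four rows come back with status OK, No manager set, Lookup failed and Not an AD User respectively; filtering on `status -ne 'OK'` before exporting is a quick way to see which accounts need a follow-up instead of silently landing in the CSV with a misleading manager value.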
Hi Matt,
Thank you for your answer! Would you be open to having a phone call? I'd like to ask you some other questions. Would you send me your phone number and/or e-mail address? We are building some cool stuff for Okta and I think we could use some of your expertise!
Thanks, John
On 11 Aug 2017, at 19:11, Matt Egan (notifications@github.com) wrote:
mbegan@gmail.com
Hello,
I'm using part of your script to get some user info from Okta. Our Okta environment is filled by AD; I was wondering if your script can return this data as well?
```powershell
$users = oktaListUsers -oOrg prev
$toexport = New-Object System.Collections.ArrayList
foreach ($u in $users) {
    $line = @{
        email = $u.profile.email
        domain = $u.credentials.provider.name
        oktaid = $u.id
        login = $u.profile.login
        ....
        manager = $u.provider.managerDn   # <-- What would be the right notation?
```