This script will interrogate Active Directory and get a list of users. If a user has an email address, the script then adds that user to SharePoint using the API. The code works for both SharePoint 2007 and SharePoint 2010; SharePoint 2007 users simply need to uncomment the line that loads the SharePoint assembly.


# Variables to modify per environment

$strFilter = "(&(objectCategory=User))"

$domainName = $env:USERDOMAIN

$LDAP = "LDAP://dc=$domainName, dc=yourcompany, dc=com"

$siteURL = "http://mcm-sps"

# Uncomment the following line if using SharePoint 2007, not for SharePoint 2010
# (the version value is missing from this line and must be supplied; SharePoint 2007 assemblies are version 12.0.0.0)

#[void][system.reflection.assembly]::load("Microsoft.sharepoint, version=, culture=neutral, publickeytoken=71e9bce111e9429c")

# create an instance of the DirectoryEntry class

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

# to search a specific OU instead of the domain root, set $LDAP above to that OU's path; the following line binds to it

$objDomain = New-Object System.DirectoryServices.DirectoryEntry($LDAP)

# create an instance of the DirectorySearcher class and specify the required properties

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher

# begin search at the specified domain

$objSearcher.SearchRoot = $objDomain

# by default at most 1000 items are returned; with PageSize set, the search returns all results in pages of this size

$objSearcher.PageSize = 1000

$objSearcher.Filter = $strFilter

# There are 3 types of search scopes: Base, OneLevel, and Subtree

$objSearcher.SearchScope = "Subtree"

$colProplist = "name","samaccountname","mail","department"

# Loop through the list of properties (name, samaccountname, mail, department) and add them to 'PropertiesToLoad'

foreach ($i in $colPropList)
{
    [void] $objSearcher.PropertiesToLoad.Add($i)
}
$colResults = $objSearcher.FindAll()

# Open a new site object, this requires a dispose

$site = new-object Microsoft.SharePoint.SPSite($siteURL)

$web = $site.rootweb

foreach ($objResult in $colResults)
{
    $objItem = $objResult.Properties

    [string] $nameValue = [string] $objItem.name

    [string] $acctNameValue = [string] $objItem.samaccountname

    [bool] $nameExists = $false

    # Only add records that have an email address

    if ([string] $objItem.mail -eq "")
    {
        $nameValue + " is missing a value for email."
    }
    else
    {
        # Check whether the account is already a site user (login names have the form DOMAIN\account)

        foreach ($spUser in $web.SiteUsers)
        {
            $siteUser = $spUser.LoginName

            $pair = $siteUser.Split("\")

            $dn = $pair[0]

            $nameToCompare = $pair[1]

            if ($acctNameValue -eq $nameToCompare)
            {
                $nameExists = $true
            }
        }

        if ($nameExists -eq $false)
        {
            "Attempting to add – " + $domainName + "\" + $objItem.samaccountname

            # Arguments: login name, email, display name, notes

            $web.SiteUsers.Add($domainName + "\" + $objItem.samaccountname, "", $nameValue, "")
        }
        else
        {
            "Found " + $acctNameValue
        }
    }
}

# Release the site object opened above

$site.Dispose()
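The filter used above, (objectCategory=User), also matches contact objects and disabled accounts. As an added example that is not part of the original post, this dry run narrows the query to enabled user accounts that have a mail attribute and writes the candidates to a CSV for review before anyone is added to the site. The function name Get-ProvisioningCandidate and the output file name are assumptions; the LDAP path is the post's placeholder.

```powershell
# Added example, not from the original post. Get-ProvisioningCandidate is a hypothetical name.
function Get-ProvisioningCandidate {
    param(
        [Parameter(Mandatory = $true)][string] $LdapPath,
        [Parameter(Mandatory = $true)][string] $DomainName
    )

    # objectCategory=person + objectClass=user : user accounts only, no contact objects
    # mail=*                                   : accounts without an email never leave the directory
    # !(userAccountControl:...803:=2)          : bitwise-AND match on the ACCOUNTDISABLE flag, negated
    $filter = '(&(objectCategory=person)(objectClass=user)(mail=*)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

    $root     = New-Object System.DirectoryServices.DirectoryEntry($LdapPath)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)
    $searcher.PageSize    = 1000
    $searcher.SearchScope = 'Subtree'
    foreach ($p in 'name', 'samaccountname', 'mail') {
        [void] $searcher.PropertiesToLoad.Add($p)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            New-Object PSObject -Property @{
                LoginName = $DomainName + '\' + [string] $r.Properties['samaccountname'][0]
                Email     = [string] $r.Properties['mail'][0]
                Name      = [string] $r.Properties['name'][0]
            }
        }
    }
    finally {
        # SearchResultCollection and DirectoryEntry hold unmanaged handles
        $results.Dispose()
        $root.Dispose()
    }
}

# Dry run: record who would be granted access, and review the list before adding anyone
$domainName = $env:USERDOMAIN
$LDAP = "LDAP://dc=$domainName, dc=yourcompany, dc=com"   # placeholder path from the post
Get-ProvisioningCandidate -LdapPath $LDAP -DomainName $domainName |
    Sort-Object LoginName |
    Export-Csv -Path .\sharepoint-candidates.csv -NoTypeInformation
```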








3 thoughts on “Adding Users to SharePoint from Active Directory”

  1. Thanks Shannon, you are my hero! With your script as a template I was able to fix a bunch of email addresses at my sharepoint.

    Thanks again!
