This script queries Active Directory for a list of users. If a user has an email address, the script adds that user to SharePoint through the API. The code works for both SharePoint 2007 and SharePoint 2010; SharePoint 2007 users simply need to uncomment the line that loads the SharePoint assembly.
# Variables to modify per environment
$strFilter = "(&(objectCategory=User))"
$domainName = $env:USERDOMAIN
$LDAP = "LDAP://dc=$domainName, dc=yourcompany, dc=com"
$siteURL = "http://mcm-sps"
# Uncomment the following line if using SharePoint 2007, not for SharePoint 2010
#[void][system.reflection.assembly]::load("Microsoft.sharepoint, version=12.0.0.0, culture=neutral, publickeytoken=71e9bce111e9429c")
# create an instance of the DirectoryEntry class (binds to the current domain root)
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
# bind to the path in $LDAP instead; comment this line out to search from the current domain root
$objDomain = New-Object System.DirectoryServices.DirectoryEntry($LDAP)
# create an instance of the DirectorySearcher class and specify the required properties
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
# begin search at the specified domain
$objSearcher.SearchRoot = $objDomain
# without a PageSize a search returns at most 1000 items; with it set, results come back in pages of this size
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
# There are 3 types of search scopes: Base, OneLevel, and Subtree
$objSearcher.SearchScope = "Subtree"
$colPropList = "name", "samaccountname", "mail", "department"
# Loop through the list of properties (name, samaccountname, mail, department) and add them to 'PropertiesToLoad'
foreach ($i in $colPropList)
{
    # Add() returns the new index; [void] keeps it out of the script output
    [void] $objSearcher.PropertiesToLoad.Add($i)
}
$colResults = $objSearcher.FindAll()
# Open a new site object, this requires a dispose
$site = New-Object Microsoft.SharePoint.SPSite($siteURL)
$web = $site.RootWeb
foreach ($objResult in $colResults)
{
    $objItem = $objResult.Properties
    [string] $nameValue = [string] $objItem.name
    [string] $acctNameValue = [string] $objItem.samaccountname
    [bool] $nameExists = $false
    # Only add records that have an email address
    if ([string] $objItem.mail -eq "")
    {
        $nameValue + " is missing a value for email."
    }
    else
    {
        foreach ($spUser in $web.SiteUsers)
        {
            # LoginName is in DOMAIN\account form; split it on the backslash
            $siteUser = $spUser.LoginName
            $pair = $siteUser.Split("\")
            $dn = $pair[0]
            $nameToCompare = $pair[1]
            if ($acctNameValue -eq $nameToCompare)
            {
                $nameExists = $true
                break
            }
        }
        if ($nameExists -eq $false)
        {
            "Attempting to add - " + $domainName + "\" + $objItem.samaccountname
            $web.SiteUsers.Add($domainName + "\" + $objItem.samaccountname, "", $objItem.name, "")
        }
        else
        {
            "Found " + $acctNameValue
        }
    }
}
$site.Dispose()
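
An added example, not part of the original script: the `(objectCategory=User)` filter also returns disabled accounts, and the site-user comparison assumes a plain DOMAIN\account login name. The sketch below shows a tighter server-side filter and a selection step that skips disabled accounts and tolerates a claims prefix on existing logins. The function names, the CONTOSO domain and the sample records are hypothetical and constructed for illustration.

```powershell
# Added example; names below are hypothetical and the sample data is constructed.
$ACCOUNTDISABLE = 0x2   # userAccountControl flag set on disabled accounts

# Server-side alternative for $strFilter: user objects only, mail present, not disabled.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule supported by Active Directory.
$enabledMailFilter = "(&(objectCategory=person)(objectClass=user)(mail=*)" +
                     "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

function Get-SamFromLogin([string] $loginName)
{
    # Drop a claims prefix such as 'i:0#.w|' (SharePoint 2010 claims mode), then the domain part
    $plain = ($loginName -split '\|')[-1]
    return ($plain -split '\\')[-1].ToLowerInvariant()
}

function Select-UsersToAdd($adUsers, [string[]] $existingLogins, [string] $domain)
{
    # Index existing site users once instead of rescanning them for every AD record
    $known = @{}
    foreach ($login in $existingLogins) { $known[(Get-SamFromLogin $login)] = $true }

    foreach ($u in $adUsers)
    {
        $sam = ([string] $u.samaccountname).ToLowerInvariant()
        if ([string]::IsNullOrEmpty([string] $u.mail))           { continue }  # no email
        if (([int] $u.useraccountcontrol) -band $ACCOUNTDISABLE) { continue }  # disabled
        if ($known.ContainsKey($sam))                            { continue }  # already a site user
        "$domain\$sam"   # login name that would be passed to SiteUsers.Add
    }
}

# Constructed sample records standing in for $colResults and $web.SiteUsers
$sampleAd = @(
    @{ samaccountname = 'alice'; mail = 'alice@example.com'; useraccountcontrol = 512 },
    @{ samaccountname = 'bob';   mail = 'bob@example.com';   useraccountcontrol = 514 },
    @{ samaccountname = 'carol'; mail = '';                  useraccountcontrol = 512 },
    @{ samaccountname = 'Dave';  mail = 'dave@example.com';  useraccountcontrol = 512 }
)
$sampleSite = @('CONTOSO\dave', 'i:0#.w|contoso\erin')

Select-UsersToAdd $sampleAd $sampleSite 'CONTOSO'
```

To apply the client-side check to live search results, `useraccountcontrol` has to be added to the properties the searcher loads.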
Thanks Shannon, you are my hero! With your script as a template I was able to fix a bunch of email addresses at my SharePoint.
Thanks again!
So this is great and all, very nice and easy to understand for beginners…
But I want to try and do the opposite, I want to remove disabled AD users from site collections.
I posted to technet, http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/5e71c2da-cf67-4609-83b0-b91a44d0dd8e
I will update that post once I have completed and tested it…
Joshua,
Users in SharePoint are stored in lists. To remove them, you would modify the list, just as you would any other SharePoint list.
SWB