We’ve seen several discussions in the Microsoft Online support forums from people who want to take advantage of Directory Sync to get their user information into Microsoft Online, but don’t have the necessary server to run Directory Sync.  In some cases they are running SBS and in others they only have 64 bit servers.  We developed this script as a quick way to get your user information out of Active Directory and up to Microsoft Online.  It simply reads the Active Directory users and their attributes and creates them in Microsoft Online.  By no means is it a replacement for Directory Sync, it simply gets your user information up to Microsoft Online if you can’t or don’t want to run Directory Sync.

Before running the script you’ll want to take a look at the LDAPFilter variable.  The LDAPFilter defines which users will be created.  By default it’s all users with the mail attribute populated.  When you run the script, you’ll be prompted for your Microsoft Online Admin Credentials.  The script will then go out and find all the users in your Active Directory which match the filter, and read their attributes.  Finally the script will create those accounts in Microsoft Online.  They’ll initially be brought over as disabled accounts, just like Directory Sync.

Two final requirements are you must enable Directory Synchronization in the Microsoft Online Administration page for this script to work and you must have the Microsoft Online Migration tools installed.  The script must be run from the Migration Command Shell.

If you have any questions or need help, please contact us and we’ll do our best to get back to you as soon as possible.

You can download a properly formatted version of the script here.

#Active Directory to Microsoft Online User Import Script
#By Chad Mosman, MessageOps, www.messageops.com
#This script reads users from Active Directory and creates them in Microsoft Online

#The LDAP filter controls which objects are created
$LDAPFilter = “(&(objectclass=User)(Mail=*))”

#Get the Microsoft Online Credentials
$AdminCredential = Get-Credential

#search the active directory for accounts that match the filter

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $LDAPFilter
$objSearcher.SearchScope = “Subtree”


foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

“Found ” + $colResults.count + ” users that match the filter.”
Write-Host “Press any key to create the accounts in Microsoft Online…”

$x = $host.UI.RawUI.ReadKey(“NoEcho,IncludeKeyDown”)
Start-Transcript -Path “UserSyncResults.txt” -NoClobber:$false

foreach ($objResult in $colResults)
$objItem = $objResult.Properties

#make sure the required attributes are present
If($objitem.sn -gt “” -and $objitem.givenname -gt “” -and $objitem.mail -gt “”)
“Creating user ” + $objItem.mail
Add-MsOnlineUser -Identity $objItem.mail -FirstName $objItem.givenname `
-Lastname $objItem.sn -Displayname $objItem.displayname `
-JobTitle $objItem.title -Department $objItem.department `
-OfficeNumber $objItem.physicaldeliveryofficename `
-OfficePhone $objItem.telephonenumber `
-MobilePhone $objItem.mobile `
-FaxNumber $objItem.facsimiletelephonenumber `
-StreetAddress $objItem.streetaddress -City $objItem.l `
-StateOrProvince $objItem.st -ZipOrPostalCode $objItem.postalcode `
-Credential $admincredential
“!! ” + $objItem.mail + ” is missing required attributes in AD (Mail, First Name or Last Name)”


Was this article helpful?