SPUserUtil 2.1 is complete!

SharePoint User Utility 2.1

The purpose of the SharePoint User Utilities (WSSUserUtil and SPSUserUtil) is to assist SharePoint administrators with performing user maintenance activities for SharePoint Products and Technologies (which includes Windows SharePoint Services 2.0 and SharePoint Portal Server 2003)

New and Improved Features


100% Full Fidelity User Migrations using the new MigrateUser() APIs


update feature to synchronize existing SharePoint user Display Name and Email Address with current values in Active Directory, or values in mapping file


rich XML export of User Security settings for complete site collections in WSS and Portal Server areas


interface matches familiar STSADM syntax


“Add” feature to add users en-masse to webs, entire web hierarchies, complete site collections.


Security Analysis


“Clone” account settings. (MySite relocation to new owner, alerts remapping [Both WSS and Portal])


Delete feature can delete users on targeted webs, or automate deletion from complete site collections based on map file.

Common use scenarios

  • True User Domain Migrations fixup in SharePoint using the MigrateUser() API set

  • Web relocation within site collections

    • Preserve security information via analysis mode when using SMIGRATE to export webs
    • Re-apply security information via “Add” mode after using SMIGRATE to import the web.

  • Transfer of ownership from one user to the other (Using the new MigrateUser() API)
  • Cloning security information for SharePoint users

    • Consider the scenario, where “John Doe” has joined “Mary Jane” in the Content Authoring group at a company.   John needs to have permissions applied to match Mary exactly.

      • Run analysis mode for Mary
      • Use resulting map file and web manifest file to apply these permissions on all sites/webs./lists/doc libs for John to match

All this and more with just 3 easy monthly payments of $99.98!!

Ok, just kidding...It's still free of course, and the source code is completely available with this version as well.   I'm working out the details of how to get this publicly available and downloadable, so please be patient.  

So, a bit of a teaser on the new functionality 🙂

Modes of Operation Summary

One or more of the following operations can be used to assist you with complex user maintenance.  The tool has the following primary modes of operation as follows:


When using these utilities in Analyze mode, the resulting data can be used to prepare for user migrations, user updates, or as a template for other operations and scenarios.  The tool will create User and Web analysis data in convenient XML format  (See SPUserUtil XML DTD)


With this release of the tool set, we now have a new API built into the product that allows customers to have 100% full fidelity migration success.  The SPUserUtil suite of tools is not even necessary to perform user migrations now, but can aid in generating and automating the migration process

Adding and Updating

The Add operations allow you to add users en-masse.  SPUserUtil assists you with automating user additions and permissioning your site collections, webs, and portals in one quick and easy invocation. 


Windows SharePoint Services give users the ability to utilize completely different Display Names and Email Addresses on separate site collections, thus if changes occur to your account in Active Directory, these settings are not automatically updated in SharePoint.  Some customers have requested the ability to update users Display Names and Email Addresses for their SharePoint sites automatically when this information changes in Active Directory, regardless of the users preferences due to corporate requirements.  You can also easily restamp email addresses, and display names for specific users with the SPUserUtil suite.


Use the add mode to also re-permission webs in which you have smigrated (Export/Import) a web or web hierarchy to a new location in the site collections web hierarchy, or if you need to move web hierarchies to a completely new site collection; on the same virtual server; a different virtual server on the same machine; or a completely different machine.


Cloning allows you to “Clone” one users set of permissions for other users.  For example, a user joins an Authoring group for a specific portal.  All these users share the same set of roles, yet they are permissioned individually on the sites and areas.  Cross Site Groups are probably the best mechanism to support this, but the need to do this across site collections is still a daunting task.  With cloning, this is now easy. 


Note: Currently the SPUserUtil suite of tools does not have a method for actually cloning Site Groups and Cross Site Groups.  This is in the works for the next release.


Use SPUserUtil to automate user cleanup on site collections, or to remove previously “Cloned” accounts from your portals and site collections

Building the tools

The tool suite is no longer released in binary form.  Instead, the source is provided as is, and with instructions to build the binaries.  More details in the next post


Quick Migration Scenario

Once you have built the tools, here is a quick walk through of a migration scenario.  We’ll use this scenario as a jumping point into further details on the operations and layout of the user and webs manifest files.


Contoso becomes RXStream


Our good friends at Contoso were acquired by RXStream.  As part of the merger, Contoso servers/users and services are being relocated into the RXStream enterprise.  All users were migrated to the RXStream domain, and the Contoso portal was restored onto a server in the RXStream domain.


To use the SPUserUtil tool suite to quickly automate the updates to all the users to successfully migrate the old Contoso user permissions, perform the following steps.


  1. Analyze current user information for the Portal and Sites

    1. spsuserutil -o analyze -url http://rxstream01 -r -newdomain rxstream -usermap c:\portalusers.xml

  2. Analyze current group information for the Portal and Sites

    1. spsuserutil -o analyze -url http://rxstream01 -r -newdomain rxstream -usermap c:\portalgroups.xml -dgo

  3. Migrate the user information for the users

    1. spsuserutil -o migrate -url http://rxstream01 -usermap c:\portalusers.xml -ignoresidhistory

  4. Clone the Security Group information

    1. spsuserutil -o clone -url http://rxstream01 -r -usermap c:\portalgroups.xml

  5. Re-index to update security in your indexes

SPUserUtil is included in the SharePoint Utility Suite located at:



Skip to main content