Hey Everyone!!!

Today i will show you how can you create SharePoint 2016 Service Accounts using PowerShell script following the Best Practices.

The script not only create all the accounts but also create the respectives OU (Organizational Unit):

  • SharePoint Accounts
  • SQL Accounts

Service Accounts:

 Name  Description  Local Rights  Domain Rights
SP_Farm The server farm account is used to perform the following tasks:
-Configure and manage the server farm.
-Act as the application pool identity for the SharePoint Central Administration Web site.
-Run the Microsoft SharePoint Foundation Workflow Timer Service.
SecurityAdmin and DB_Creator rights on the SQL Instance Domain User
SP_Admin The server farm account is used to perform the following tasks:
-Setup
-SharePoint Products Configuration Wizard
Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance Domain User
SP_Pool The Pool account is used to run the Web Application Pools None Domain User
SP_Services The Services Account is used to run the Service Application Pool None Domain User
SP_Crawl The Default Content Access Account for the Search Service Application None Domain User
SP_Search Service Account to run the SharePoint Search “Windows Service” None Domain User
SP_UserProfiles The User Profile Synchronization Account None Domain User
SP_MySitePool Used for the My Sites Web Application None Domain User
SP_CacheSuperUser Object Cache Service Account. The goals of the object cache are to reduce the load on the computer on which SQL Server is running, and to improve request latency and throughput. These user account must be properly configured to ensure that the object cache works correctly. None.
SharePoint: Must be an account that has Full Control access to the Web application.
Domain User
SP_CacheSuperReader Object Cache Service Account. The goals of the object cache are to reduce the load on the computer on which SQL Server is running, and to improve request latency and throughput. These user account must be properly configured to ensure that the object cache works correctly. None.
SharePoint: Must be an account that has Full Read access to the Web application
Domain User
WF_Service WorkFlow Manager Service Account Local Administrator and SysAdmin rights on the SQL instance. Domain User
SP_MySitePool Used for the My Sites Web Application None Domain User
SP_VisioUser Visio Unattended ID None Domain User
SP_ExcelUser Excel Unattended ID None Domain User
SP_PerfPointUser Performance Point Unattended ID None Domain User
SQL_Admin SQL Admin on the SQL Server. Used to Install the SQL Server. Local Administrator on the SQL Server Domain User
SQL_Services It is the service account for the following SQL Server services: MSSQLSERVER SQLSERVERAGENT None Domain User


Script:

 

$mydom = (get-addomain).distinguishedname 
$password = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force 

$ouNameSP = "SharePoint Accounts"
$oudnSP = "OU=$ounameSP,$mydom" 

$ouNameSQL = "SQL Accounts" 
$oudnSQL = "OU=$ounameSQL,$mydom" 

#----------------------------> Organizational Unit <---------------------------- 

New-ADOrganizationalUnit -Name $OUNameSP -Path $mydom 
Write-Host "OU $OUNameSP Created" -foregroundcolor green 

New-ADOrganizationalUnit -Name $OUNameSQL -Path $mydom 
Write-Host "OU $OUNameSQL Created" -foregroundcolor green 

#-----------------------------> SharePoint 2016 <-------------------------------

$usersArraySP = @("SP_Farm","SP_Admin","SP_Pool","SP_Services","SP_Crawl","SP_Search",
                  "SP_UserProfiles","SP_PortalSuperReader","SP_CacheSuperUser","SP_VisioUser",
                  "SP_PerfPointUser","WF_Service","SP_MySitePool","SP_PortalSuperUser")

foreach ($usp in $usersArraySP) {
        New-ADUser -Name $usp -DisplayName $usp -SamAccountName $usp -AccountPassword $password 
        -ChangePasswordAtLogon $false -PassThru -PasswordNeverExpires $true -Path $oudnSP 
        Write-Host "$usp Created" -foregroundcolor green
 }

#----------------------------------> SQL <--------------------------------------
$usersArraySQL = @("SQL_Admin","SQL_Service")

foreach ($usql in $usersArraySQL) {
       New-ADUser -Name $usql -DisplayName $usql -SamAccountName $usql -AccountPassword $password 
       -ChangePasswordAtLogon $false -PassThru -PasswordNeverExpires $true -Path $oudnSQL
       Write-Host "$usql Created" -foregroundcolor green
 }

 

Thanks

Fábio Carvalho
SharePoint Consultant
|create|it|

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here