Hey Everyone!!!
Today I will show you how to create SharePoint 2016 service accounts with a PowerShell script, following best practices.
The script not only creates all the accounts but also creates the respective OUs (Organizational Units):
- SharePoint Accounts
- SQL Accounts
Service Accounts:
Name | Description | Local Rights | Domain Rights |
--- | --- | --- | --- |
SP_Farm | The server farm account is used to perform the following tasks: - Configure and manage the server farm. - Act as the application pool identity for the SharePoint Central Administration Web site. - Run the Microsoft SharePoint Foundation Workflow Timer Service. | SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
SP_Admin | The server farm account is used to perform the following tasks: - Setup - SharePoint Products Configuration Wizard | Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
SP_Pool | The Pool account is used to run the Web Application Pools | None | Domain User |
SP_Services | The Services Account is used to run the Service Application Pool | None | Domain User |
SP_Crawl | The Default Content Access Account for the Search Service Application | None | Domain User |
SP_Search | Service Account to run the SharePoint Search “Windows Service” | None | Domain User |
SP_UserProfiles | The User Profile Synchronization Account | None | Domain User |
SP_MySitePool | Used for the My Sites Web Application | None | Domain User |
SP_CacheSuperUser | Object Cache Service Account. The goals of the object cache are to reduce the load on the computer on which SQL Server is running, and to improve request latency and throughput. These user accounts must be properly configured to ensure that the object cache works correctly. | None. SharePoint: Must be an account that has Full Control access to the Web application. | Domain User |
SP_CacheSuperReader | Object Cache Service Account. The goals of the object cache are to reduce the load on the computer on which SQL Server is running, and to improve request latency and throughput. These user accounts must be properly configured to ensure that the object cache works correctly. | None. SharePoint: Must be an account that has Full Read access to the Web application. | Domain User |
WF_Service | WorkFlow Manager Service Account | Local Administrator and SysAdmin rights on the SQL instance. | Domain User |
SP_VisioUser | Visio Unattended ID | None | Domain User |
SP_ExcelUser | Excel Unattended ID | None | Domain User |
SP_PerfPointUser | Performance Point Unattended ID | None | Domain User |
SQL_Admin | SQL Admin on the SQL Server. Used to Install the SQL Server. | Local Administrator on the SQL Server | Domain User |
SQL_Services | It is the service account for the following SQL Server services: MSSQLSERVER SQLSERVERAGENT | None | Domain User |
Script:
```powershell
# Requires the ActiveDirectory module (RSAT) and rights to create OUs and users.
Import-Module ActiveDirectory

$mydom = (Get-ADDomain).DistinguishedName
# Initial password assigned to every account created below.
# Change it before running the script.
$password = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force

$ouNameSP = "SharePoint Accounts"
$oudnSP = "OU=$ouNameSP,$mydom"
$ouNameSQL = "SQL Accounts"
$oudnSQL = "OU=$ouNameSQL,$mydom"

#----------------------------> Organizational Unit <----------------------------
New-ADOrganizationalUnit -Name $ouNameSP -Path $mydom
Write-Host "OU $ouNameSP Created" -ForegroundColor Green
New-ADOrganizationalUnit -Name $ouNameSQL -Path $mydom
Write-Host "OU $ouNameSQL Created" -ForegroundColor Green

#-----------------------------> SharePoint 2016 <-------------------------------
$usersArraySP = @("SP_Farm","SP_Admin","SP_Pool","SP_Services","SP_Crawl","SP_Search",
                  "SP_UserProfiles","SP_PortalSuperReader","SP_CacheSuperUser","SP_VisioUser",
                  "SP_PerfPointUser","WF_Service","SP_MySitePool","SP_PortalSuperUser")
foreach ($usp in $usersArraySP) {
    # Create the account in the SharePoint OU with a non-expiring password
    New-ADUser -Name $usp -DisplayName $usp -SamAccountName $usp `
        -AccountPassword $password -ChangePasswordAtLogon $false -PassThru `
        -PasswordNeverExpires $true -Path $oudnSP
    Write-Host "$usp Created" -ForegroundColor Green
}

#----------------------------------> SQL <--------------------------------------
$usersArraySQL = @("SQL_Admin","SQL_Service")
foreach ($usql in $usersArraySQL) {
    # Create the account in the SQL OU with a non-expiring password
    New-ADUser -Name $usql -DisplayName $usql -SamAccountName $usql `
        -AccountPassword $password -ChangePasswordAtLogon $false -PassThru `
        -PasswordNeverExpires $true -Path $oudnSQL
    Write-Host "$usql Created" -ForegroundColor Green
}
```
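Because the script gives every account the same initial password and sets it to never expire, a follow-up audit of the two OUs is useful. The check below is an added example, not part of the original script; it assumes the OU names used above, and its "initial password" flag is a timestamp heuristic.

```powershell
# Added example: audit the accounts the creation script placed in its two OUs.
# Assumes the OU names used above and the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$mydom = (Get-ADDomain).DistinguishedName
$ous   = "OU=SharePoint Accounts,$mydom", "OU=SQL Accounts,$mydom"

$report = foreach ($ou in $ous) {
    Get-ADUser -SearchBase $ou -SearchScope OneLevel -Filter * `
        -Properties whenCreated, PasswordLastSet, PasswordNeverExpires, MemberOf |
    ForEach-Object {
        # Heuristic: a password set within five minutes of account creation
        # is still the initial one assigned by the creation script.
        $initial = $false
        if ($_.PasswordLastSet) {
            $initial = ($_.PasswordLastSet - $_.whenCreated).TotalMinutes -lt 5
        }
        [pscustomobject]@{
            Account              = $_.SamAccountName
            Enabled              = $_.Enabled
            PasswordNeverExpires = $_.PasswordNeverExpires
            InitialPassword      = $initial
            # memberOf omits the primary group (Domain Users by default), so
            # every entry is a membership beyond the "Domain User" in the table.
            ExtraGroups          = @($_.MemberOf) -join '; '
        }
    }
}

$report | Sort-Object Account | Format-Table -AutoSize -Wrap

# Summarize accounts that need attention before the farm goes into service.
$findings = @($report | Where-Object { $_.InitialPassword -or $_.ExtraGroups })
if ($findings.Count -gt 0) {
    Write-Warning ("{0} account(s) still have the initial password or extra group memberships." -f $findings.Count)
}
```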
Thanks
Fábio Carvalho
SharePoint Consultant
|create|it|
no Thank you!!! <3