
SharePoint 2016 – Create Service Accounts using PowerShell script

Hey Everyone!!!

Today I will show you how to create the SharePoint 2016 service accounts using a PowerShell script, following best practices.

The script not only creates all the accounts but also creates the respective OUs (Organizational Units):

  • SharePoint Accounts
  • SQL Accounts

Service Accounts:

| Name | Description | Local Rights | Domain Rights |
|---|---|---|---|
| SP_Farm | The server farm account is used to perform the following tasks: configure and manage the server farm; act as the application pool identity for the SharePoint Central Administration Web site; run the Microsoft SharePoint Foundation Workflow Timer Service. | SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
| SP_Admin | The server farm account is used to perform the following tasks: Setup; SharePoint Products Configuration Wizard. | Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance | Domain User |
| SP_Pool | The Pool account is used to run the Web Application Pools | None | Domain User |
| SP_Services | The Services Account is used to run the Service Application Pool | None | Domain User |
| SP_Crawl | The Default Content Access Account for the Search Service Application | None | Domain User |
| SP_Search | Service Account to run the SharePoint Search "Windows Service" | None | Domain User |
| SP_UserProfiles | The User Profile Synchronization Account | None | Domain User |
| SP_MySitePool | Used for the My Sites Web Application | None | Domain User |
| SP_CacheSuperUser | Object Cache Service Account. The goals of the object cache are to reduce the load on the computer on which SQL Server is running, and to improve request latency and throughput. These user accounts must be properly configured to ensure that the object cache works correctly. | None. SharePoint: Must be an account that has Full Control access to the Web application. | Domain User |
| SP_CacheSuperReader | Object Cache Service Account. The goals of the object cache are to reduce the load on the computer on which SQL Server is running, and to improve request latency and throughput. These user accounts must be properly configured to ensure that the object cache works correctly. | None. SharePoint: Must be an account that has Full Read access to the Web application. | Domain User |
| WF_Service | WorkFlow Manager Service Account | Local Administrator and SysAdmin rights on the SQL instance. | Domain User |
| SP_VisioUser | Visio Unattended ID | None | Domain User |
| SP_ExcelUser | Excel Unattended ID | None | Domain User |
| SP_PerfPointUser | Performance Point Unattended ID | None | Domain User |
| SQL_Admin | SQL Admin on the SQL Server. Used to Install the SQL Server. | Local Administrator on the SQL Server | Domain User |
| SQL_Services | It is the service account for the following SQL Server services: MSSQLSERVER, SQLSERVERAGENT | None | Domain User |


Script:

 

# Requires the ActiveDirectory module (RSAT) and rights to create OUs and users.
Import-Module ActiveDirectory

# Distinguished name of the current domain, e.g. DC=contoso,DC=local
$mydom = (Get-ADDomain).DistinguishedName

# One shared, hard-coded password for every account: replace this sample value before running.
$password = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force

$ouNameSP = "SharePoint Accounts"
$oudnSP = "OU=$ouNameSP,$mydom"

$ouNameSQL = "SQL Accounts"
$oudnSQL = "OU=$ouNameSQL,$mydom"

#----------------------------> Organizational Unit <----------------------------

New-ADOrganizationalUnit -Name $ouNameSP -Path $mydom
Write-Host "OU $ouNameSP Created" -ForegroundColor Green

New-ADOrganizationalUnit -Name $ouNameSQL -Path $mydom
Write-Host "OU $ouNameSQL Created" -ForegroundColor Green

#-----------------------------> SharePoint 2016 <-------------------------------

$usersArraySP = @("SP_Farm","SP_Admin","SP_Pool","SP_Services","SP_Crawl","SP_Search",
                  "SP_UserProfiles","SP_PortalSuperReader","SP_CacheSuperUser","SP_VisioUser",
                  "SP_PerfPointUser","WF_Service","SP_MySitePool","SP_PortalSuperUser")

# The backtick continues the command onto the next line; without it the second line
# is parsed as a separate statement and fails.
# -Enabled is not passed, so New-ADUser leaves each account disabled until it is
# enabled (for example with Enable-ADAccount).
foreach ($usp in $usersArraySP) {
        New-ADUser -Name $usp -DisplayName $usp -SamAccountName $usp -AccountPassword $password `
        -ChangePasswordAtLogon $false -PassThru -PasswordNeverExpires $true -Path $oudnSP
        Write-Host "$usp Created" -ForegroundColor Green
 }

#----------------------------------> SQL <--------------------------------------
$usersArraySQL = @("SQL_Admin","SQL_Service")

foreach ($usql in $usersArraySQL) {
       New-ADUser -Name $usql -DisplayName $usql -SamAccountName $usql -AccountPassword $password `
       -ChangePasswordAtLogon $false -PassThru -PasswordNeverExpires $true -Path $oudnSQL
       Write-Host "$usql Created" -ForegroundColor Green
 }
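
A variant of the script above, added here as an example and not part of the original post: it gives every account its own random password instead of one shared hard-coded value, and skips OUs and accounts that already exist. The helper name New-RandomPassword, the 24-character length, the -Enabled $true choice and the output file name are assumptions.

```powershell
# Added example (not the original author's script): one random password per account.
Import-Module ActiveDirectory

function New-RandomPassword {                      # hypothetical helper name
    param([int]$Length = 24)                       # assumed length; match your domain policy
    $all = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-=?@_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    do {
        # Draw each character from the OS cryptographic RNG, not Get-Random.
        $pw = -join (1..$Length | ForEach-Object {
            $rng.GetBytes($buf)
            $all[[int]([System.BitConverter]::ToUInt32($buf, 0) % $all.Length)]
        })
        # Retry until all four character classes are present (AD complexity rules).
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and
             $pw -match '\d' -and $pw -match '[^a-zA-Z0-9]')
    $rng.Dispose()
    ConvertTo-SecureString $pw -AsPlainText -Force
}

$domainDn = (Get-ADDomain).DistinguishedName
$plan = @{   # OU name -> account names, taken from the script above
    'SharePoint Accounts' = @('SP_Farm','SP_Admin','SP_Pool','SP_Services','SP_Crawl','SP_Search',
                              'SP_UserProfiles','SP_PortalSuperReader','SP_CacheSuperUser','SP_VisioUser',
                              'SP_PerfPointUser','WF_Service','SP_MySitePool','SP_PortalSuperUser')
    'SQL Accounts'        = @('SQL_Admin','SQL_Service')
}

$created = foreach ($ouName in $plan.Keys) {
    $ouDn = "OU=$ouName,$domainDn"
    # Create the OU only if it is not already present directly under the domain root.
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $ouName -Path $domainDn
    }
    foreach ($name in $plan[$ouName]) {
        if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
            Write-Warning "$name already exists, skipped"
            continue
        }
        $secret = New-RandomPassword
        New-ADUser -Name $name -DisplayName $name -SamAccountName $name -Path $ouDn `
            -AccountPassword $secret -ChangePasswordAtLogon $false `
            -PasswordNeverExpires $true -Enabled $true
        [pscustomobject]@{ Account = $name; Password = $secret }
    }
}

# Export-Clixml writes SecureString values encrypted with DPAPI for the current Windows user.
$created | Export-Clixml -Path .\service-account-secrets.xml   # assumed file name
```

The exported file can only be decrypted by the same user on the same machine; move the passwords into your password vault and delete the file afterwards.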

 

Thanks

Fábio Carvalho
SharePoint Consultant
|create|it|