Create New Managed Account in SharePoint Using PowerShell
Managed accounts are Active Directory accounts whose credentials are managed by SharePoint. Managed accounts in SharePoint 2013 are explained in another article: Configuring Managed Accounts in SharePoint 2013.
How to create a managed account in SharePoint 2013 / 2016?
To register a new managed account in SharePoint 2013, here are the steps:
- Open the SharePoint 2013 Central Administration site.
- Go to Security >> Click on Configure Managed Accounts.
- Click the Register Managed Account link to create a new managed account.
- Enter the account’s AD username in domain\username format. Specify the account’s password.
- Optionally, you can enable the automatic password reset.
- Click “OK” to create the managed account in SharePoint 2013.
Create a new managed account in SharePoint 2013 using PowerShell
To create a managed account using PowerShell, use the New-SPManagedAccount cmdlet. Here is how:
$cred = Get-Credential
New-SPManagedAccount -Credential $cred
This prompts you to enter credentials and registers a managed account in SharePoint 2013/2016.
Register managed accounts in SharePoint 2013 in bulk:
Let’s create multiple managed accounts in SharePoint 2013 using PowerShell:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Define a common password for all service accounts
$password = "Password1"
$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force

#List of Service accounts
$ServiceAccounts = "SP-Farm","SP_Services","SP_Search","SP_UserProfile"

ForEach ($Account in $ServiceAccounts)
{
    #Get the account in Domain\UserName format
    $userName = $env:USERDOMAIN + "\" + $Account

    #Set the Credentials
    $cred = New-Object System.Management.Automation.PSCredential -ArgumentList $userName, $securePassword

    #Create Managed Account
    New-SPManagedAccount -Credential $cred
}
Here, I’ve specified a standard password for all managed accounts. However, you can set different passwords for different service accounts.
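A variant of the bulk script that prompts for each account's password at run time, so no password is stored in the script file, and that skips accounts already registered in the farm. This is an added example, not code from the original article; the account names are the same sample names used above, and it assumes the accounts already exist in Active Directory.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#List of service accounts (sample names, same as the script above)
$ServiceAccounts = "SP-Farm","SP_Services","SP_Search","SP_UserProfile"

#Read the accounts that are already registered, once, for the duplicate check
$Registered = @(Get-SPManagedAccount | ForEach-Object { $_.UserName })

ForEach ($Account in $ServiceAccounts)
{
    #Get the account in Domain\UserName format
    $userName = $env:USERDOMAIN + "\" + $Account

    #Skip accounts that are already managed accounts (-contains is case-insensitive)
    if ($Registered -contains $userName)
    {
        Write-Host "Skipping $userName : already registered"
        continue
    }

    #Prompt for this account's password; it is held only as a SecureString
    $securePassword = Read-Host -Prompt "Password for $userName" -AsSecureString
    if ($securePassword.Length -eq 0)
    {
        Write-Warning "No password entered for $userName, account not registered"
        continue
    }

    $cred = New-Object System.Management.Automation.PSCredential -ArgumentList $userName, $securePassword

    #Register the account; report the failure and carry on with the next one
    try
    {
        New-SPManagedAccount -Credential $cred -ErrorAction Stop | Out-Null
        Write-Host "Registered $userName"
    }
    catch
    {
        Write-Warning "Could not register $userName : $($_.Exception.Message)"
    }
}
```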
Troubleshooting:
While trying to add a managed account in SharePoint 2013, you may encounter the issues below:
SharePoint register managed account access denied: unable to register a managed account
You may get an access denied error when registering a managed account via Central Administration. You’ll get this error at: Security >> Configure Managed Accounts >> Register Managed Account.
- Make sure that either you are running the SharePoint Management Shell as administrator or UAC is disabled before executing PowerShell cmdlets.
- Verify that your service account is allowed to change its password: check the “User cannot change password” setting in the account’s properties!
- If the “Automatic Password reset” property is already enabled for your managed account, you may get an “Access denied” error! Remove that existing account and create a new one.
- Use PowerShell to register a new managed account!
SharePoint managed account requested registry access is not allowed:
Fix: Your Central Administration app pool identity must be a Farm Admin account and also a local Administrator account.
The given key was not present in the dictionary when registering a managed account in SharePoint 2013
Fix – KB: https://support.microsoft.com/kb/2463865/en-us