
Create SharePoint Service Accounts in AD using PowerShell

I do a lot of SharePoint deployments nowadays. I use PowerShell scripts to quickly create SharePoint service accounts instead of manually creating them in Active Directory one by one. Run the PowerShell script below from a domain controller (or from a workstation with Remote Server Administration Tools installed) to create the service accounts in one shot.

Here is the list of Service accounts I use in my SharePoint 2013/SharePoint 2010 deployments:
  1. SP_Setup - SharePoint Setup account
  2. SP_Farm - SharePoint Farm account
  3. SP_Pool - The account used to run the Web Application Pools
  4. SP_Services - The Services Account used to run the Service Applications
  5. SP_Crawl - The Default Content Access Account for the Search Service Application
  6. SP_UserProfile - The User Profile Import and Synchronization Account
  7. SP_SuperUser - Cache account for the Web application super user account
  8. SP_SuperReader - Cache account for the Web application super reader account
  9. SQL_Admin - SQL Admin on the SQL Server. Used to install the SQL Server.
  10. SQL_Services - Service account to run SQL Server services

PowerShell to Create SharePoint Service Accounts in Active Directory
Here is the PowerShell script to create SharePoint Service Accounts in Active directory:
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

#Set configurations
#Replace this sample password before running: every account below is created with this same value
$AccountPassword = "Password1"
#Convert to secure string
$Password = ConvertTo-SecureString -AsPlainText $AccountPassword -Force

$Domain = "YourDomain.com"
#Specify the OU
$AccountPath= "ou=SharePoint,DC=YourDomain,DC=com"

#Create SharePoint Accounts
$Account="SP_Setup" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Account Used to install SharePoint"}

$Account="SP_Farm" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="SharePoint Farm Account."}

$Account="SP_Pool" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="SharePoint Web Application Pools Account"}

$Account="SP_Services" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Account to run the Service Applications"}

$Account="SP_Crawl" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Content Access Account for the Search Service Application"}

$Account="SP_UserProfile" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="User Profile Import and Synchronization Account"}

$Account="SP_SuperUser" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Web application super User account"}

$Account="SP_SuperReader" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Web application super reader account"}

$Account="SQL_Admin" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="SQL Server Admin Account"}

$Account="SQL_Services" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Account to run SQL Server services"}

Here I'm directly specifying accounts in the PowerShell script. However, you can also use a CSV file to import the list of service accounts and create them in bulk in Active Directory.

Create SharePoint Service Accounts from CSV
Here is my CSV file with accounts, passwords and descriptions filled:

PowerShell script to Create AD accounts from CSV:
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

#Set configurations
$Domain = "YourDomain.com"
#Specify the OU
$AccountPath= "ou=SharePoint,DC=YourDomain,DC=com"

# Import the CSV File
$ServiceAccounts = Import-Csv D:\SharePoint\ServiceAccounts.csv

Foreach ($ServiceAccount in $ServiceAccounts) 
 {   
    #Log the account name only; do not echo the password to the console
    write-host "Creating Account:"$ServiceAccount.Account

    #Convert the password to a secure string
    $AccountPassword = ConvertTo-SecureString -AsPlainText $ServiceAccount.Password -Force

    $UPN = "$($ServiceAccount.Account)@$($domain)"

    #Create SharePoint Service Accounts from CSV
    New-ADUser -SamAccountName $ServiceAccount.Account -name $ServiceAccount.Account -UserPrincipalName $UPN -Accountpassword $AccountPassword -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description=$ServiceAccount.Description}
 }
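
Both scripts above give every account a password that is known in advance: a shared "Password1" in the first, plain-text values in the CSV in the second. As an added example, not part of the original post, the variant below generates a unique random password per account and saves the credentials encrypted; a CSV with only Account and Description columns, the New-RandomPassword helper and the $VaultFile path are assumptions made for this example.

```powershell
# Added example, not the author's script. Assumptions: the CSV has only Account and
# Description columns; New-RandomPassword and $VaultFile are hypothetical names.
Import-Module ActiveDirectory -ErrorAction Stop

$Domain      = "YourDomain.com"
$AccountPath = "ou=SharePoint,DC=YourDomain,DC=com"
$VaultFile   = "D:\SharePoint\ServiceAccounts.clixml"

function New-RandomPassword([int]$Length = 24) {
    # 64-character alphabet: 256 is a multiple of 64, so ($b % 64) has no modulo bias
    $Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $Rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $Bytes = New-Object byte[] $Length
    do {
        $Rng.GetBytes($Bytes)
        $Plain = -join $(foreach ($b in $Bytes) { $Alphabet[$b % 64] })
        # Retry until upper case, lower case and a digit are all present
    } until ($Plain -cmatch '[A-Z]' -and $Plain -cmatch '[a-z]' -and $Plain -match '\d')
    $Rng.Dispose()
    ConvertTo-SecureString -AsPlainText $Plain -Force
}

$Created = foreach ($Row in Import-Csv D:\SharePoint\ServiceAccounts.csv) {
    # Skip accounts that already exist so a re-run never touches them
    if (Get-ADUser -Filter "SamAccountName -eq '$($Row.Account)'") {
        Write-Warning "Skipping $($Row.Account): account already exists"
        continue
    }
    $Upn    = "$($Row.Account)@$Domain"
    $Secure = New-RandomPassword
    try {
        New-ADUser -SamAccountName $Row.Account -Name $Row.Account -UserPrincipalName $Upn `
            -AccountPassword $Secure -Enabled $true -PasswordNeverExpires $true `
            -Path $AccountPath -Description $Row.Description -ErrorAction Stop
    } catch {
        Write-Warning "Failed to create $($Row.Account): $_"
        continue
    }
    Write-Host "Created account: $($Row.Account)"   # name only, never the password
    New-Object System.Management.Automation.PSCredential -ArgumentList $Upn, $Secure
}

# Export-Clixml protects each SecureString with Windows DPAPI: only the same user
# on the same machine can read the passwords back with Import-Clixml.
$Created | Export-Clixml -Path $VaultFile
```

To read a password back during SharePoint setup, load the file with Import-Clixml as the same user on the same machine and call GetNetworkCredential().Password on the matching entry.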
Reviewed by Salaudeen Rajack on 11:23 AM Rating: 5
