Friday, August 22, 2014

Create SharePoint Service Accounts in AD using PowerShell

I do a lot of SharePoint deployments nowadays. I use PowerShell scripts to quickly create SharePoint service accounts instead of manually creating them in Active Directory one by one. Run the PowerShell script below from a domain controller (or from a workstation with Remote Server Administration Tools installed) to create the service accounts in one shot.

Here is the list of Service accounts I use in my SharePoint 2013/SharePoint 2010 deployments:

  1. SP_Setup - SharePoint Setup account
  2. SP_Farm - SharePoint Farm account
  3. SP_Pool - The account used to run the Web Application Pools
  4. SP_Services - The Services Account used to run the Service Applications
  5. SP_Crawl - The Default Content Access Account for the Search Service Application
  6. SP_UserProfile - The User Profile Import and Synchronization Account
  7. SP_SuperUser - Cache account for the Web application super user account
  8. SP_SuperReader - Cache account for the Web application super reader account
  9. SQL_Admin - SQL Admin on the SQL Server. Used to install the SQL Server.
  10. SQL_Services - Service account to run SQL Server services

Here is the PowerShell script to create SharePoint Service Accounts in Active Directory:
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

#Set configurations
#Placeholder password, shared by all accounts created below; replace it before running
$AccountPassword = "Password1"
#Convert to Secure string
$Password = ConvertTo-SecureString -AsPlainText $AccountPassword -Force

#UPN suffix of your domain (placeholder, matching the OU path below)
$Domain = "YourDomain.com"
#Specify the OU
$AccountPath = "ou=SharePoint,DC=YourDomain,DC=com"

#Create SharePoint Accounts (set $Account before each call; names are from the list above)
$Account = "SP_Setup"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="Account Used to install SharePoint"}

$Account = "SP_Farm"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="SharePoint Farm Account."}

$Account = "SP_Pool"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="SharePoint Web Application Pools Account"}

$Account = "SP_Services"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="Account to run the Service Applications"}

$Account = "SP_Crawl"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="Content Access Account for the Search Service Application"}

$Account = "SP_UserProfile"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="User Profile Import and Synchronization Account"}

$Account = "SP_SuperUser"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="Web application super User account"}

$Account = "SP_SuperReader"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="Web application super reader account"}

$Account = "SQL_Admin"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="SQL Server Admin Account"}

$Account = "SQL_Services"
New-ADUser -SamAccountName $Account -Name $Account -UserPrincipalName "$Account@$Domain" -AccountPassword $Password -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description="Account to run SQL Server services"}

Here I'm specifying the accounts directly in the PowerShell script. However, you can also use a CSV file to import a list of service accounts and create them in bulk in Active Directory.

Create SharePoint Service Accounts from CSV
Here is my CSV file with accounts, passwords and descriptions filled:

PowerShell script to Create AD accounts from CSV:
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

#Set configurations
#UPN suffix of your domain (placeholder, matching the OU path below)
$Domain = "YourDomain.com"
#Specify the OU
$AccountPath = "ou=SharePoint,DC=YourDomain,DC=com"

# Import the CSV File (columns used: Account, Password, Description)
$ServiceAccounts = Import-Csv D:\SharePoint\ServiceAccounts.csv

Foreach ($ServiceAccount in $ServiceAccounts)
{
    Write-Host "Creating Account: $($ServiceAccount.Account)"
    #The password is not echoed: console output can end up in transcripts and logs

    #Convert the password to a Secure string
    $AccountPassword = ConvertTo-SecureString -AsPlainText $ServiceAccount.Password -Force

    $UPN = "$($ServiceAccount.Account)@$($Domain)"

    #Create SharePoint Service Accounts from CSV
    New-ADUser -SamAccountName $ServiceAccount.Account -Name $ServiceAccount.Account -UserPrincipalName $UPN -AccountPassword $AccountPassword -Enabled $true -PasswordNeverExpires $true -Path $AccountPath -OtherAttributes @{Description=$ServiceAccount.Description}
}
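
Both scripts above keep the service account passwords in plain text, either in the script or in the CSV. The variant below is an added example, not part of the original post: it gives every account its own random password and stores only a DPAPI-encrypted copy. The New-RandomPassword helper, the $SecretsFile path and the inline sample rows are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory -ErrorAction Stop

# Placeholders as in the scripts above; $SecretsFile is an assumed output path
$Domain      = "YourDomain.com"
$AccountPath = "ou=SharePoint,DC=YourDomain,DC=com"
$SecretsFile = "D:\SharePoint\ServiceAccounts.secrets.csv"

# Constructed sample input: account names and descriptions only, no passwords
$ServiceAccounts = @'
Account,Description
SP_Setup,Account Used to install SharePoint
SP_Farm,SharePoint Farm Account
SP_Pool,SharePoint Web Application Pools Account
'@ | ConvertFrom-Csv

# Hypothetical helper: random password from the OS cryptographic RNG.
# The alphabet has exactly 64 characters, so ($byte % 64) is unbiased.
function New-RandomPassword([int]$Length = 24) {
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
            # Retry until upper, lower and digit are all present (AD complexity rule)
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    } finally { $rng.Dispose() }
    return $pw
}

$created = foreach ($sa in $ServiceAccounts) {
    # Skip accounts that already exist so the script can be re-run safely
    if (Get-ADUser -Filter "SamAccountName -eq '$($sa.Account)'") {
        Write-Warning "Skipping existing account: $($sa.Account)"
        continue
    }
    $secure = ConvertTo-SecureString -AsPlainText (New-RandomPassword) -Force
    New-ADUser -SamAccountName $sa.Account -Name $sa.Account `
        -UserPrincipalName "$($sa.Account)@$Domain" -AccountPassword $secure `
        -Enabled $true -PasswordNeverExpires $true -Path $AccountPath `
        -Description $sa.Description -ErrorAction Stop
    Write-Host "Created account: $($sa.Account)"
    # DPAPI-encrypted copy: readable only by this user on this machine
    [pscustomobject]@{ Account = $sa.Account; Password = ConvertFrom-SecureString $secure }
}
# -Append keeps the entries written by earlier runs
if ($created) { $created | Export-Csv $SecretsFile -NoTypeInformation -Append }
```

To read a password back, the same user on the same machine passes the stored string to ConvertTo-SecureString, for example to build a PSCredential for the SharePoint or SQL Server setup.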
