Create SharePoint Service Accounts in AD using PowerShell

I do a lot of SharePoint deployments nowadays. I use PowerShell scripts to quickly create SharePoint service accounts instead of creating them manually in Active Directory one by one. Run the PowerShell script below from the domain controller (or from a workstation with the Remote Server Administration Tools installed) to create the service accounts in one shot.

Here is the list of Service accounts I use in my SharePoint 2013/SharePoint 2010 deployments:

  1. SP_Setup – SharePoint Setup account
  2. SP_Farm – SharePoint Farm account
  3. SP_Pool – The account is used to run the Web Application Pools
  4. SP_Services – The Services Account is used to run the Service Applications
  5. SP_Crawl – The Default Content Access Account for the Search Service Application
  6. SP_UserProfile – The User Profile Import and Synchronization Account
  7. SP_SuperUser – Cache account for Web application super user account
  8. SP_SuperReader – Cache account for Web application super reader account
  9. SQL_Admin – SQL Admin on the SQL Server. Used to install the SQL Server.
  10. SQL_Services – Service account to run SQL Server services

PowerShell to Create SharePoint Service Accounts in Active Directory

Use this PowerShell script to automate the creation of service accounts in Active Directory. Although this can be done manually, using PowerShell will save you time and ensure that all accounts are created consistently. This blog post will show you how to create SharePoint service accounts in AD using PowerShell cmdlets, which makes repeat deployments and configurations easier.

Here is the PowerShell script to create SharePoint Service Accounts in Active Directory:

Import-Module ActiveDirectory -ErrorAction SilentlyContinue

#Set configurations
#Placeholder password shared by every account below; replace it before running
$AccountPassword = "Password1"
#Convert to Secure string
$Password = ConvertTo-SecureString -AsPlainText $AccountPassword -Force

$Domain = "YourDomain.com"
#Specify the OU
$AccountPath= "ou=SharePoint,DC=YourDomain,DC=com"

#Create SharePoint Accounts
$Account="SP_Setup" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Account Used to install SharePoint"}

$Account="SP_Farm" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="SharePoint Farm Account."}

$Account="SP_Pool" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="SharePoint Web Application Pools Account"}

$Account="SP_Services" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Account to run the Service Applications"}

$Account="SP_Crawl" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Content Access Account for the Search Service Application"}

$Account="SP_UserProfile" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="User Profile Import and Synchronization Account"}

$Account="SP_SuperUser" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Web application super User account"}

$Account="SP_SuperReader" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Web application super reader account"}

$Account="SQL_Admin" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="SQL Server Admin Account"}

$Account="SQL_Services" 
New-ADUser -SamAccountName $Account -name $Account -UserPrincipalName $Account@$domain -Accountpassword $Password -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description="Account to run SQL Server services"}
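
A variant of the script above that gives each account its own randomly generated password instead of one shared value, and skips accounts that already exist. It is an added example, not the author's script; New-RandomPassword is a hypothetical helper, and the domain and OU are the same placeholders used above.

```powershell
Import-Module ActiveDirectory -ErrorAction Stop
# Same placeholder domain and OU as the script above
$Domain      = "YourDomain.com"
$AccountPath = "ou=SharePoint,DC=YourDomain,DC=com"

# Account name -> description, as listed in this post
$Accounts = [ordered]@{
    SP_Setup       = "Account Used to install SharePoint"
    SP_Farm        = "SharePoint Farm Account."
    SP_Pool        = "SharePoint Web Application Pools Account"
    SP_Services    = "Account to run the Service Applications"
    SP_Crawl       = "Content Access Account for the Search Service Application"
    SP_UserProfile = "User Profile Import and Synchronization Account"
    SP_SuperUser   = "Web application super User account"
    SP_SuperReader = "Web application super reader account"
    SQL_Admin      = "SQL Server Admin Account"
    SQL_Services   = "Account to run SQL Server services"
}

# Hypothetical helper: random password drawn from the OS cryptographic RNG
function New-RandomPassword {
    param([int]$Length = 24)
    # 64 characters, so 256 % 64 = 0 and the modulo below adds no bias
    $Chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_'
    $Rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $Bytes = New-Object byte[] $Length
            $Rng.GetBytes($Bytes)
            $Value = -join ($Bytes | ForEach-Object { $Chars[$_ % $Chars.Length] })
            # Retry until lower, upper and digit are all present (AD complexity)
        } until ($Value -cmatch '[a-z]' -and $Value -cmatch '[A-Z]' -and $Value -cmatch '[0-9]')
    } finally { $Rng.Dispose() }
    $Value
}

foreach ($Name in $Accounts.Keys) {
    if (Get-ADUser -Filter "SamAccountName -eq '$Name'") {
        Write-Warning "$Name already exists, skipping"
        continue
    }
    $Plain = New-RandomPassword
    New-ADUser -SamAccountName $Name -Name $Name -UserPrincipalName "$Name@$Domain" `
        -AccountPassword (ConvertTo-SecureString -AsPlainText $Plain -Force) `
        -Enabled $true -PasswordNeverExpires $true -Path $AccountPath `
        -Description $Accounts[$Name]
    # Returned once so it can go straight into a password vault, not a log
    [pscustomobject]@{ Account = $Name; Password = $Plain }
}
```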

Here I’m directly specifying accounts in the PowerShell script. However, you can also use a CSV file to import a list of service accounts and create them in bulk in Active Directory.

Create SharePoint Service Accounts from CSV

Here is my CSV file with accounts, passwords and descriptions filled. The script below reads its Account, Password and Description columns.

PowerShell script to Create AD accounts from CSV:

Import-Module ActiveDirectory -ErrorAction SilentlyContinue

#Set configurations
$Domain = "YourDomain.com"
#Specify the OU
$AccountPath= "ou=SharePoint,DC=YourDomain,DC=com"

# Import the CSV File
$ServiceAccounts = Import-Csv D:\SharePoint\ServiceAccounts.csv

Foreach ($ServiceAccount in $ServiceAccounts) 
 {   
    Write-Host "Creating Account: $($ServiceAccount.Account)"

    #Convert the password to a secure string
    $AccountPassword = ConvertTo-SecureString -AsPlainText $ServiceAccount.Password -Force

    $UPN = "$($ServiceAccount.Account)@$($domain)"

    #Create SharePoint Service Accounts from CSV
    New-ADUser -SamAccountName $ServiceAccount.Account -name $ServiceAccount.Account -UserPrincipalName $UPN -Accountpassword $AccountPassword -Enabled $true -PasswordNeverExpires $true -path $AccountPath -OtherAttributes @{Description=$ServiceAccount.Description}
 }
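
A check to run after the CSV import, comparing what is in the OU with what the CSV lists and with the settings the creation script applies. It is an added example, not part of the original script; it reuses the placeholder OU and CSV path from above, and the finding texts are illustrative.

```powershell
Import-Module ActiveDirectory -ErrorAction Stop

# Same placeholder OU and CSV path as the script above
$AccountPath = "ou=SharePoint,DC=YourDomain,DC=com"
$Expected    = @((Import-Csv D:\SharePoint\ServiceAccounts.csv).Account)

$InAD = @(Get-ADUser -SearchBase $AccountPath -Filter * `
    -Properties Description, PasswordNeverExpires, MemberOf)

$Findings = foreach ($Name in $Expected) {
    $User   = $InAD | Where-Object { $_.SamAccountName -eq $Name }
    $Issues = @()
    if (-not $User) {
        $Issues += "not found in the OU"
    } else {
        if (-not $User.Enabled)              { $Issues += "disabled" }
        if (-not $User.PasswordNeverExpires) { $Issues += "password expiry is on" }
        if (-not $User.Description)          { $Issues += "description is empty" }
        # The creation script adds no group memberships, so any entry is a change
        if ($User.MemberOf.Count -gt 0)      { $Issues += "in $($User.MemberOf.Count) group(s)" }
    }
    [pscustomobject]@{ Account = $Name; Issues = ($Issues -join "; ") }
}

# Accounts present in the OU that the CSV does not list
$Unexpected = $InAD | Where-Object { $Expected -notcontains $_.SamAccountName } |
    Select-Object -ExpandProperty SamAccountName

$Findings | Format-Table -AutoSize
if ($Unexpected) { Write-Warning "Not in CSV: $($Unexpected -join ', ')" }
```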

Salaudeen Rajack
