Once we complete creating Search Service Application, The next step is to configure default content access account, which is used by Crawl Component to crawl the content sources like SharePoint content. This crawl account will have read access to all your search content sources such as SharePoint Web Applications.
Set default content access account
You can change search crawl account from SharePoint Central Administration as:
- SharePoint Central Admin >> Application Management >> Manage Service applications
- From the service applications list, Select the Search service application
- On the Search Administration page, click on the account already configured for the default content access account.
- Provide the new crawl account user name and password.
Content access accounts should be normal domain account. We shouldn’t use SharePoint setup account or farm administrator account for crawling content as it would cause security trimming errors.
PowerShell to Change Search Crawl Account in SharePoint 2016:
If you want to change the default content access account for SharePoint 2013 search service application using PowerShell, use this script:
Add-PSSnapin Microsoft.SharePoint.Powershell -ErrorAction SilentlyContinue #Set Default content access account $AccountID = "Crescent\SP16_Crawl" $Password = Read-Host -AsSecureString #Get Search service application $SearchInstance = Get-SPEnterpriseSearchServiceApplication #Set default content access account for crawl Set-SPEnterpriseSearchServiceApplication -Identity $SearchInstance -DefaultContentAccessAccountName $AccountID -DefaultContentAccessAccountPassword $Password
Default content access account permissions:
As soon as you change your Search Crawling Account, SharePoint automatically creates a web application policy with “Full Read” permissions on all Web applications!