SharePoint 2016, Sharepoint 2013, Sharepoint 2010, Windows Server 2012, Sql Server 2012,2014,IIS, Active Directory,User Profile Service, Managed MetaData Service, Search Service, Topology, Web Application, IIS, Site collection, List, Library, PowerShell, office web app, Windows Authentication, NTLM, Kerberos, Saml, ADFS, Active Directory Import, MIM, SharePoint 2016 Managing Registered Accounts and Shell Admin access( Real World Example) – SharePoint

SharePoint 2016 Managing Registered Accounts and Shell Admin access( Real World Example)

Introduction

This article is a sequence of real world examples of the using PowerShell in SharePoint 2016. In this article, we will discuss how we will use the PowerShell cmdlets to managing the service accounts (Managed Accounts) and Shell permission in SharePoint. We will try to cover all the available cmdlets Managed Accounts and SPShellAdmin i.e. get, Remove, Repair and Set.

Scenario

KrossFarm created a separate account for the day to day operations (to run the PowerShell commands and other activities). They want to add this account(krossfarm\kfsvcapp) into managed account and set the shell Admin permission. There is also an account(Krossfarm\kfwfm) which we want to remove from the Managed account and remove its shell Admin permission. Lastly, they update the password for one account but that was not working so they have to repair that account.

Tasks

  • Add New Account
    • Add Account into SharePoint Managed Account.
    • Set the Shell Admin permission for new account
  • Remove the Account
    • Get the SPManaged Account
    • Get the SPShell Account
    • Remove the Shell Permission for account
    • Remove the account from Managed Account
  • Repair the Faulty account.

Before Start

  • Make Sure you login with the farm admin account which has Shell Admin access.
  • Open the SharePoint PowerShell Management Shell (Run as Administrator).

Add New Account

Let’s start, with the adding new account into the Managed Account. Start with Get Command.

Get-SPManagedAccount

This will list all the Managed accounts which are configured in the farm.Output will be like this
Now,w e will add krossfarm\kfsvcapp account into the managed account.

$acct = Get-Credential

It will prompt you to enter the Username and Password. Please enter UserName in such format Domain\Username i.e in our case Krossfarm\kfsvcapp

New-SPManagedAccount –Credential $acct
Get-SPManagedAccount

As you see, above commands register the krossfarm\kfsvcapp account as a managed account. See the output like.

Now we will set the shell admin permission for this account, Let’s check which account already has permission

Get-SPShellAdmin

This will list all account who have Shell Admin Access in the farm. Like this

Now Set the Shell Access to Krossfarm\Kfsvcapp, Please run the below command.

Get-SPDatabase | Add-SPShellAdmin Krossfarm\kfsvcapp

Above commands, set the Shell admin permission to all the database, Including Content Database, Config Database and Service Database.See the fig.

Remove Account

Now, we will remove the Krossfarm\kfwfm account from the managed account category of the farm, before removing it we have to remove the shell permission of that account.

Get-SPShellAdmin
Remove-SPShellAdmin -UserName "krossfarm\kfwfm"

Above set of commands removed the user from the Shell admin access.

Now we will remove the account from farm.

Get-SPManagedAccount

Remove-SPManagedAccount -Identity "Krossfarm\kfwfm"

Get-SPManagedAccount

farm. You will see this in the below output.

 

Repair Managed Account

Lastly, we have to repair the one of register account which password is out of the sync. We will run the repair command, that will sync all registered account in the farm with app pools and services. Run the below command.

Repair-SPManagedAccountDeployment

You have to wait for a couple of minutes, depending upon your environment i.e number of app pools, service etc.

Conclusion

This concludes today’s session. In this article, we covered total 7 SharePoint PowerShell commands related to registering an account to granting the Shell Admin permission. We execute a scenario which touched all the listed commands. Please check the See also a section for more information about it.

Reference:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *