Skip Ribbon Commands
Skip to main content

Anders Rask on SharePoint

:

Anders Rask on SharePoint > Posts > Creating your SharePoint service accounts using PowerShell on R2
July 28
Creating your SharePoint service accounts using PowerShell on R2
In my company we spawn new virtual farms almost every week, and as an architect I want my developers to use the right accounts for the right services. Also I like the idea of having consistent naming of service accounts for different customer projects, and since we are +10 SharePoint architects its unlikely we should choose the same naming convention. To support these ideas I add service accounts using PowerShell.
 
If you are running Windows Server 2008 R2 you no longer need to install Quest PowerShell add-ins to be able to easily create your AD users (new-QADuser), since R2 comes with a range of PowerShell cmdlets for this very purpose.

Adding a new AD user:

PS C:\> New-ADUser -Name "Test1"

 

Now this would just place a disabled user called Test1 in the Users OU, so lets try with a few more details. Since the goal is to create service accounts for a development environment lets set some expiration policies and place it in a SharePoint OU. Since we also want to give the account a password, we need to supply the cmdlet with a secure string containing the value:

PS C:\> $password = Read-Host "Please enter a password for the accounts" -AsSecureString
 
Now lets use that in our cmdlet:
 
PS C:\> New-ADUser -name test1 -samaccountname test1 -userprincipalname test1@myDomain.local -enabled $true
 -passwordneverexpires $true
 -cannotchangepassword $true -Path "OU=SharePoint,DC=myDomain,DC=local"
 -accountpassword $password
 

Adding users from a CSV file:

Adding users one by one is cumbersome, and there is not much gained from doing it manually, so lets say we already typed in a bunch of service accounts (or ordinary user accounts and security groups for that matter), and we wanted to export those into a CSV file that we could then add on every new AD ment for SharePoint development.
 
In PowerShell that's easy: The Export-CSV and Import-CSV commands lets us receive data from the pipeline and export it to a CSV file, that we can then use on another AD to import back into AD:
 
PS C:\> Get-AdUser -Filter *
 
Again this gives us alot of users, so lets use the Filter expression (think of it as a LDAP Query) to limit the users returned. Since all service accounts on my farm are prefixed with "svc" lets apply that filter to the name of the user:
 
PS C:\> get-aduser -filter {Name -like "svc*"}
 
To limit the query further, lets specify what OU we want our users from:
 
PS C:\> get-aduser -filter {Name -like "svc*"}
 -SearchBase "OU=SharePoint,DC=myDomain,DC=local"
 
To pipe the users into a CSV file, we first need to select what attributes we need, and then use Export-CSV to stuff it into a file:
 
PS C:\> get-aduser -filter {Name -like "svc*"}
 -SearchBase "OU=SharePoint,DC=myDomain,DC=local" |
 select name, samaccountname, userprincipalname |
 Export-CSV "c:\SharePoint service accounts.csv"
 -NoTypeInformation -Encoding "UTF8"
 
Now we got the users in a CSV file that could look something like this
"name","samaccountname","userprincipalname"
"svcSPapp1","svcSPapp1","svcSPapp1@myDomain.local"
"svcSPsys","svcSPsys","svcSPsys@myDomain.local"
"svcSPservices","svcSPservices","svcSPservices@myDomain.local"
"svcSPups","svcSPups","svcSPups@myDomain.local"
"svcSPcontent","svcSPcontent","svcSPcontent@myDomain.local"
"svcSPmysite","svcSPmysite","svcSPmysite@myDomain.local"
"svcSFsearch","svcSFsearch","svcSFsearch@myDomain.local"
"svcSPsearch","svcSPsearch","svcSPsearch@myDomain.local"
"svcSPexcel","svcSPexcel","svcSPexcel@myDomain.local"
"svcSPquery","svcSPquery","svcSPquery@myDomain.local"
"svcSFquery","svcSFquery","svcSFquery@myDomain.local"
"svcSPintranet","svcSPintranet","svcSPintranet@myDomain.local"
"svcSPMSA","svcSPMSA","svcSPMSA@myDomain.local"
"svcSPusercode", "svcSPusercode", "svcSPusercode@myDomain.local"
"spInstall", "spInstall", "spInstall@myDomain.local"
Moving to your other AD, you can import the files using a combination of Import-CSV and New-ADUser (you might want to replace the userprincipalname if you decide you want it in the CSV):
 
First define the password as earlier specified. Since its a development environment we set all passwords to the same value, obviously this isnt a best practice you would want on your production environment :-). You could keep the password in the CSV file and convert it to a secure string using ConvertTo-SecureString "yourpassword" -Force -AsPlainText or type it in as you iterated (hint: Foreach-Object)
 
PS C:\> Import-CSV 'C:\SharePoint service accounts.csv' |
 New-ADUser -accountpassword $password -enabled $true
 -password neverexpires $true -cannotchangepassword $true
 -Path "OU=SharePoint,DC=myDomain,DC=local"
 
Now you have successfully imported the service accounts into your development farm AD.
 
The same approach can be used if you want dummy users for your demo farm, or development environment. You might want to use Get-ADObject instead though, if you need to get both users and security groups out in a CSV, or use Get-ADGroup to target groups specifically.
 
I wrapped the above up in two small cmdlets, Export-ADUser and Import-ADUser. They are pretty rough around the edges, since I'm still not entirely comfortable with PowerShell yet, but they get the job done. I added the code at the bottom.
 
Syntax for calling cmdlets:
 
#Export syntax
Export-ADUser  -filter {name -like "svc*"} -path c:\test.csv
 -columns name, samaccountname, id

#Import, specifying password from commandline

Import-ADUser -path 'c:\SharePoint service accounts.csv'
 -password (ConvertTo-SecureString P@ssw0rd1 -Force -AsPlainText) 
 -ldappath "ou=SharePoint,dc=myDomain,dc=local"

#Import, prompt for password
Import-ADUser -path 'c:\SharePoint service accounts.csv'
 -ldappath "ou=SharePoint,dc=myDomain,dc=local"
 
Im still a PowerShell newbie, so credit for inspiration to this post goes to Don's excellent PowerShell post Don's 18.8-minute PowerShell Crash Course (You CAN Learn This!). A great post to get you started on PowerShell!
 
#ensure ActiveDirectory module is loaded
if (-not (Get-Module -name "ActiveDirectory"))
{
    Import-Module "ActiveDirectory"
}<#
 .SYNOPSIS
  Export the selected users to the CSV file specified
 .PARAMETER Path
  Specifies the path to the CSV output file. The parameter is required.
 .PARAMETER Filter
  Specifies a query string that retrieves Active Directory objects. The parameter is required.
 .PARAMETER SearchBase
  Specifies an Active Directory path to search under.
 .PARAMETER Columns
  Specify columns to incude in CSV file, seperated by comma.
 .EXAMPLE
  Export-ADUser -path "c:\users.csv" -filter {name -like "svc*"} -params name, samaccountname, userprincipalname
  This command fetches all users and export it into a CSV file
#>
function Export-ADUser
{
   [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [ValidateScript({$_ -is [string]})]
  [string]
  $path,
        [Parameter(Mandatory=$true)]
  [ValidateScript({$_ -is [scriptblock]})]
  [scriptblock]
  $filter,
  [Parameter(Mandatory=$false)]
  [ValidateScript({$_ -is [string]})]
  [string]
  $searchBase = (Get-ADdomain | select DistinguishedName).DistinguishedName,
  [Parameter(Mandatory=$false,ValueFromRemainingArguments=$true)]
  [String[]]
  $columns
    ) if ($columns)
 {
  Get-ADUser -SearchBase $searchBase -Filter $filter | select $columns | Export-Csv $path -NoTypeInformation -Encoding "UTF8"
 }
 else
 {
  Get-ADUser -SearchBase $searchBase -Filter $filter | Export-Csv $path -NoTypeInformation -Encoding "UTF8"
 }}<#
 .SYNOPSIS
  Imports users given in CSV file into AD
 .PARAMETER Path
  Specifies the path to the CSV output file. The parameter is required.
 .PARAMETER Password
  Password as a secure string. If omitted user will be prompted for passwords for each account.
 .PARAMETER LdapPath
  The path of the Organizational Unit (OU) where user is created
#>
function Import-ADUser
{
 [CmdletBinding()]
 param(
  [Parameter(Mandatory=$true)]
  [string]
  $path,
  [Parameter(Mandatory=$false)]
  [System.Security.SecureString]
  $password = (Read-Host "Please enter a password for the accounts" -AsSecureString),
  [Parameter(Mandatory=$true)]
  [string]
  $ldapPath
 )
 if ( -not(Test-Path $path ))
 {
  Write-Error "Invalid path."
  return
 }
 $Error.Clear()
 Import-Csv $path | New-ADUser -accountpassword $password -enabled $true `
                 -passwordneverexpires $true -cannotchangepassword $true -Path $ldapPath `
-ErrorAction SilentlyContinue -ErrorVariable +Err if (!$Err) { Write-Host "Users was successfully imported into AD" } else { Write-Host "The following errors occurred during import:" for ($i=0; $i -le $Err.Count; $i++ ) { if ($Err[$i]) { Write-Host "Error# $i" -ForegroundColor Red Write-Host $Err[$i].FullyQualifiedErrorId -ForegroundColor Red Write-Host $Err[$i].TargetObject -ForegroundColor Red } } } }

Comments

Re: Creating your SharePoint service accounts using PowerShell on R2

Sharepoint is a new topic to me, I have never heard of it before. But I am sure I will find about it on https://www.essayuniverse.net/edusson-review/. I will come back to this post later, for sure.
 on 11/14/2018 8:49 AM

Sharepoint

There is a little special case I might want to impart to you. When you effortlessly stop Distributed store. Stop-SPDistributedCacheServiceInstance - Graceful .You should hold up some time, so stored things are exchanged to the another dynamic hub in Distributed reserve group like https://www.dissertationhelpdeal.co.uk/. For instance we have 2 servers in our Cache group: server1 and server2. Before we stop dispersed store administration on server1 we could check the wellbeing of the bunch. Regularly it should resemble this: use-cachecluster get-cacheclusterhealth
 on 3/18/2019 8:30 AM

Re: Creating your SharePoint service accounts using PowerShell on R2

Thank you for sharing the code, it's very helpful for me.
https://gmailemail-login.com/
 on 6/6/2019 3:43 AM

Top Quality Online Assignment Help Services | Hire for A + Grades

We offer the best online assignment help and academic writing service in AUS, UK & USA. Hire native experts now & get FLAT 20% OFF on your first order.
 on 6/11/2019 2:11 AM

Top Quality Online Assignment Help Services | Hire for A + Grades

We offer the best online assignment help and academic writing service in AUS, UK & USA. Hire native experts now & get FLAT 20% OFF on your first order.

https://www.gotoassignmenthelp.com/
https://www.gotoassignmenthelp.com/au/
https://www.gotoassignmenthelp.com/my/
 on 6/11/2019 2:11 AM

Nursing Dissertation Help | Safe Secure Affordable

GotoDissertationHelp- No1 Online Dissertation Writing Service UK.

We offer the best Dissertation help and academic writing service in AUS, UK & USA. Hire native experts now & get FLAT 20% OFF on your first order.


dissertation help------- https://www.gotodissertationhelp.co.uk/ 

nursing dissertation help-------- https://www.gotodissertationhelp.co.uk/nursing-dissertation-help/
finance dissertation help--------- https://www.gotodissertationhelp.co.uk/finance-dissertation-help/ 
 on 6/11/2019 6:12 AM

UK Essay Assignment Help Service | GotoEssayHelp.co.uk


GotoEssayHelp.co.uk is the best place to get your assignment essays done. We have the best resources to cater your demands and assure you great grades.
essay help https://www.gotoessayhelp.co.uk/
cheap essay writing service https://www.gotoessayhelp.co.uk/cheap-essay-writing/
Do my Essay------ https://www.gotoessayhelp.co.uk/do-my-essay/ 
 on 6/11/2019 8:09 AM

forex fury review online

Forex Fury is a new automated EA. It’s rare that I ever review Forex products but this system is the exception for a reason.

https://binarytoday.com/forex-fury/
 on 7/11/2019 5:11 AM

Best Insurance Quotes - Optinsure.com

Optinsure.com, one of the leading insurance providing portals, is offering the best life, mortgage, annuities, final expense and health insurance quotes. Receive multiple cheap insurance quotes from various insurers to choose the most suitable plan and forget the worries. For more details, visit our website: https://www.optinsure.com/ or call us at 1 (855) 894-1863.

https://www.optinsure.com/final-expense-get-quote
https://www.optinsure.com/final-expense
https://www.optinsure.com/mortgage-protection-get-quote
https://www.optinsure.com/mortgage-protection
 on 7/24/2019 8:25 AM

Good

This is a good way that can help all people to migrate the server on its basic requirements. I am sure that more people would be able to fix all of the things themselves. https://www.theacademicpapers.co.uk/dissertation-writing-services-uk.php
 on 7/24/2019 12:40 PM
1 - 10Next

Add Comment

Title


Body *


Migrated Source URL


Commentator Name


Commentator Email


BotCheck *


Are you human? What is the sum of fifty-two minus ten?

Attachments