
Wednesday, March 19, 2014

SharePoint Service account creation with PowerShell from CSV


A quick and easy way to create service accounts for SharePoint.

Users.csv (layout):
FirstName,LastName,SamAccountName,Password
sp_cacheSuperUser,sp_cacheSuperUser,sp_cacheSuperUser,-acc password-
sp_cacheSuperReader,sp_cacheSuperReader,sp_cacheSuperReader,-acc password-
sp_farm,sp_farm,sp_farm,-acc password-
sp_portal_mysite,sp_portal_mysite,sp_portal_mysite,-acc password-
sp_portal_intranet,sp_portal_intranet,sp_portal_intranet,-acc password-
sp_searchContent,sp_searchContent,sp_searchContent,-acc password-
sp_searchService,sp_searchService,sp_searchService,-acc password-
sp_services,sp_services,sp_services,-acc password-
sp_userProfiles,sp_userProfiles,sp_userProfiles,-acc password-

PowerShell Script:
# Created this script using Windows Server 2012
# Import Active Directory module (stop here if it cannot be loaded)
Import-Module ActiveDirectory -ErrorAction Stop

# Set OU for the user accounts
$OU = "OU=SharePoint,OU=Service Accounts,DC=dev,DC=local"

# Get domain name
$dnsroot = '@' + (Get-ADDomain).DNSRoot

# Import the file with the users.
$users = Import-Csv .\users.csv #-Delimiter ";"

# List the accounts to be created (the Password column is left out of the output)
$users | Select-Object FirstName, LastName, SamAccountName

foreach ($user in $users)
{
    # Get password from CSV file
    $Password = ConvertTo-SecureString $user.Password -AsPlainText -Force

    # Create accounts
    #$FullName = ($user.FirstName + " " + $user.LastName)
    $FullName = ($user.LastName)
    $UserPrincipalName = ($user.SamAccountName + $dnsroot)

    try
    {
        # -ErrorAction Stop makes sure every failure reaches the catch block
        New-ADUser -SamAccountName $user.SamAccountName -Name $FullName -DisplayName $FullName -GivenName $user.FirstName -Surname $user.LastName -UserPrincipalName $UserPrincipalName -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $false -Path $OU -AccountPassword $Password -ErrorAction Stop -PassThru | Out-Null
        Write-Output "Created user $($user.SamAccountName)"
    }
    catch
    {
        Write-Output "Could not create user $($user.SamAccountName), $_"
    }
}
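
A hardened variant of the CSV-driven creation above, as an added example that is not part of the original post: it assumes a Users.csv holding only the FirstName, LastName and SamAccountName columns (no password column), validates every row before touching Active Directory, and prompts for each password so that none is stored on disk. The character allow-list is this example's own, stricter-than-AD choice; the 20-character limit is the sAMAccountName limit for user accounts.

```powershell
# Added example: validate Users.csv, then create the accounts without
# keeping any password in the CSV. Assumes columns FirstName, LastName,
# SamAccountName only, and the OU used in the post.
Import-Module ActiveDirectory -ErrorAction Stop

$OU      = 'OU=SharePoint,OU=Service Accounts,DC=dev,DC=local'
$dnsroot = '@' + (Get-ADDomain).DNSRoot
$users   = @(Import-Csv .\users.csv)

# Pre-flight checks: collect every problem before anything is created
$problems = @()
foreach ($user in $users) {
    $name = $user.SamAccountName
    # Allow-list (assumption of this example) also keeps the -Filter string safe
    if ($name -notmatch '^[A-Za-z0-9_.-]{1,20}$') {
        $problems += "'$name' is empty, longer than 20 characters, or uses characters outside A-Z a-z 0-9 _ . -"
        continue
    }
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        $problems += "$name already exists in the domain"
    }
}
foreach ($group in ($users | Group-Object SamAccountName | Where-Object { $_.Count -gt 1 })) {
    $problems += "$($group.Name) is listed $($group.Count) times"
}
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Users.csv failed validation; no accounts were created.'
}

foreach ($user in $users) {
    # Prompt instead of reading the CSV: the password only exists as a SecureString
    $Password = Read-Host -AsSecureString -Prompt "Password for $($user.SamAccountName)"
    try {
        New-ADUser -SamAccountName $user.SamAccountName -Name $user.LastName `
            -DisplayName $user.LastName -GivenName $user.FirstName -Surname $user.LastName `
            -UserPrincipalName ($user.SamAccountName + $dnsroot) -Path $OU `
            -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $false `
            -PasswordNeverExpires $false -ErrorAction Stop
        Write-Output "Created user $($user.SamAccountName)"
    }
    catch {
        Write-Output "Could not create user $($user.SamAccountName), $_"
    }
}
```
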

MSMQ workgroup flag reverts back to 1

Managed to fix this issue on my VM by following these steps:

Uninstall MSMQ from Windows Features completely

Setting Permissions in Active Directory Domain Services Before Installing the Routing Service or the Directory Service Integration Features of Message Queuing

The successful installation of the Routing Service feature on a Windows Server 2008 R2 computer that is not a domain controller, or the Directory Service Integration feature of Message Queuing on a Windows Server 2008 R2 computer that is a domain controller requires that specific permissions are set in Active Directory Domain Services. Follow these steps to grant the appropriate permissions in Active Directory Domain Services before installing these features.

To grant permissions for a computer object to the Servers object in Active Directory Domain Services before installing the Routing Service feature on a computer that is not a domain controller

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services to open Active Directory Sites and Services.
  2. Click to expand Active Directory Sites and Services, click to expand Sites, and then click to expand the site which this computer will be a member of.
  3. Right-click Servers and select Properties to display the Servers Properties dialog box.
  4. Click the Security tab of the Servers Properties dialog box.
  5. Click the Add button to display the Select Users, Computer, or Groups dialog box.
  6. Click the Object Types button to display the Object Types dialog box, click to enable Computers, and then click OK.
  7. Enter the name of the computer for which the Routing Service or Directory Service Integration feature will be installed, click Check Names, and then click OK.
  8. Enable the following permissions for this computer object:
    • Allow Read
    • Allow Write
    • Allow Create all child objects
  9. After enabling these permissions, click Advanced to display the Advanced Security Settings for Servers dialog box.
  10. Select the computer object from the list of permission entries, and then click the Edit button.
  11. Select This object and all descendant objects from the Apply to drop-down list, and then click OK.
  12. Click OK to close the Advanced Security Settings for Servers dialog box.
  13. Click OK to close the Server Properties dialog box.

To grant the Network Service account the Create MSMQ Configuration Objects permission to the computer object in Active Directory Domain Services before installing the Directory Services Integration feature on a computer that is a domain controller

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers to open Active Directory Users and Computers.
  2. Click the View menu and click to enable the options for Users, Groups, and Computers as containers and Advanced Features.
  3. Click to expand the Domain container for the domain, click to expand the Computers container, right-click the computer object on which the Directory Services Integration feature is being installed, and then click Properties to display the computer properties dialog box.
  4. Click to select the Security tab of the computer properties dialog box.
  5. Click the Advanced button to display the Advanced Security Settings for  dialog box.
  6. Click the Add button to display the Select User, Computer, or Group dialog box.
  7. Type Network Service into the Enter the object name to select edit box. Click Check Names, and then click OK.
  8. Click to enable Allow for the Create MSMQ Configuration objects permission, and then click OK to close the Permissions Entry for  dialog box.
  9. Click OK to close the Advanced Security Settings for  dialog box.
  10. Click OK to close the computer properties dialog box.
Install MSMQ with Directory Service Integration