Introduction

This article is part of a series of real-world examples of using PowerShell in SharePoint 2016. In this article, we discuss how to use PowerShell cmdlets to manage service accounts (Managed Accounts) and Shell Admin permissions in SharePoint. We will try to cover all the available cmdlets for Managed Accounts and SPShellAdmin, i.e. Get, Remove, Repair and Set.

Scenario

KrossFarm created a separate account for day-to-day operations (running PowerShell commands and other activities). They want to register this account (krossfarm\kfsvcapp) as a managed account and grant it the Shell Admin permission. There is also an account (Krossfarm\kfwfm) which we want to remove from the managed accounts, along with its Shell Admin permission. Lastly, they updated the password for one account, but that did not work, so they have to repair that account.

Tasks

  • Add New Account
    • Add Account into SharePoint Managed Account.
    • Set the Shell Admin permission for new account
  • Remove the Account
    • Get the SPManaged Account
    • Get the SPShell Account
    • Remove the Shell Permission for account
    • Remove the account from Managed Account
  • Repair the Faulty account.

Before You Start

  • Make sure you log in with the farm admin account which has Shell Admin access.
  • Open the SharePoint PowerShell Management Shell (Run as Administrator).

Add New Account

Let's start by adding the new account to the managed accounts. Begin with the Get command.

Get-SPManagedAccount

This lists all the managed accounts that are configured in the farm.

Now, we will add the krossfarm\kfsvcapp account as a managed account.

$acct = Get-Credential

It will prompt you for the username and password. Enter the username in the format Domain\Username, in this case Krossfarm\kfsvcapp.

New-SPManagedAccount -Credential $acct
Get-SPManagedAccount

As you can see, the above commands register the krossfarm\kfsvcapp account as a managed account.

Now we will set the Shell Admin permission for this account. First, let's check which accounts already have the permission:

Get-SPShellAdmin

This lists all accounts that have Shell Admin access in the farm.

Now grant Shell access to Krossfarm\Kfsvcapp by running the command below:

Get-SPDatabase | Add-SPShellAdmin Krossfarm\kfsvcapp

The above command grants the Shell Admin permission on all databases, including the content databases, the configuration database and the service databases.

Remove Account

Now we will remove the Krossfarm\kfwfm account from the managed accounts of the farm. Before removing it, we have to remove the Shell Admin permission of that account.

Get-SPShellAdmin
Remove-SPShellAdmin -UserName "krossfarm\kfwfm"

The above set of commands removes the user's Shell Admin access.

Now we will remove the account from the Farm.

Get-SPManagedAccount

Remove-SPManagedAccount -Identity "Krossfarm\kfwfm"
 
Get-SPManagedAccount

The account should no longer appear in the list of managed accounts.
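
To confirm the result of the add and remove steps, the following added example (not part of the original article) lists the Shell Admin grants on every database and flags where krossfarm\kfsvcapp is missing or krossfarm\kfwfm is still present. It matters because Remove-SPShellAdmin, like Add-SPShellAdmin, acts only on the configuration database when no -database is given. The function name Get-ShellAdminFinding and the finding labels are assumptions made for this example.

```powershell
# Added example: audit Shell Admin grants per database after the add/remove steps.
# Run in the SharePoint Management Shell as a farm admin with Shell Admin access.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Accounts taken from the article's scenario.
$shouldHave    = 'krossfarm\kfsvcapp'   # granted on every database
$shouldNotHave = 'krossfarm\kfwfm'      # removed from the farm

# Hypothetical helper: returns one finding object per mismatch on a database.
function Get-ShellAdminFinding {
    param(
        [Parameter(Mandatory)] $Database,
        [string] $Expected,
        [string] $Revoked
    )
    # With -database, Get-SPShellAdmin lists the Shell Admin users
    # of that one database only.
    $admins = @(Get-SPShellAdmin -database $Database | ForEach-Object { $_.UserName })

    # -contains / -notcontains compare case-insensitively.
    if ($admins -notcontains $Expected) {
        [pscustomobject]@{ Database = $Database.Name; Account = $Expected; Finding = 'MissingGrant' }
    }
    if ($admins -contains $Revoked) {
        [pscustomobject]@{ Database = $Database.Name; Account = $Revoked; Finding = 'StaleGrant' }
    }
}

$findings = @(Get-SPDatabase | ForEach-Object {
    Get-ShellAdminFinding -Database $_ -Expected $shouldHave -Revoked $shouldNotHave
})

# The removed account must no longer be registered as a managed account either.
$stillManaged = Get-SPManagedAccount | Where-Object { $_.Username -eq $shouldNotHave }
if ($stillManaged) {
    $findings += [pscustomobject]@{ Database = '(farm)'; Account = $shouldNotHave; Finding = 'StillManagedAccount' }
}

if ($findings.Count -eq 0) {
    Write-Output 'Shell Admin grants match the intended state.'
} else {
    $findings | Sort-Object Finding, Database | Format-Table -AutoSize
}
```

A StaleGrant row names a database on which the removed account still holds Shell access; Remove-SPShellAdmin with -database pointing at that database clears it.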


Repair Managed Account

Lastly, we have to repair the one registered account whose password is out of sync. We will run the repair command, which syncs all registered accounts in the farm with the app pools and services. Run the command below.

Repair-SPManagedAccountDeployment

You have to wait a couple of minutes, depending on your environment, for example the number of app pools, services, etc.



Conclusion

This concludes today's session. In this article, we covered seven SharePoint PowerShell commands, from registering an account to granting the Shell Admin permission. We executed a scenario which touched all the listed commands. Please check the See Also section for more information.

Reference:


See Also: