Managing Registered Accounts And Shell Admin Access In SharePoint 2016

Introduction

This article is a sequence of real-world examples of using PowerShell in SharePoint 2016. In this article, we will discuss how to use PowerShell cmdlets to manage the service accounts (Managed Accounts) and Shell Admin permissions in SharePoint. We will try to cover all the available cmdlets for Managed Accounts and SPShellAdmin, i.e. Get, Remove, Repair, and Set.

Scenario

KrossFarm created a separate account for day-to-day operations (to run PowerShell commands and other activities). They want to add this account (krossfarm\kfsvcapp) to the managed accounts and set its Shell Admin permissions. There is also an account (Krossfarm\kfwfm) which they want to remove from the managed accounts, along with its Shell Admin permissions. Lastly, they updated the password for one account, but that was not working, so they have to repair that account.

Tasks

  • Add new account.
  • Add account into SharePoint Managed accounts.
  • Set the Shell Admin permissions for new account.
  • Remove the account.
  • Get the SPManaged account.
  • Get the SPShell account.
  • Remove the Shell Permissions for account.
  • Remove the account from Managed Accounts.
  • Repair the faulty account.

Before You Start

  • Make sure that you log in with the farm admin account, which has Shell Admin access.
  • Open the SharePoint PowerShell Management Shell (Run as Administrator).

Add New Account

Let’s start with adding a new account to the managed accounts. Start with the Get command.

Get-SPManagedAccount

This will list all the managed accounts which are configured in the farm. The output will be like this.


Now, we will add the krossfarm\kfsvcapp account to the managed accounts.

$acct = Get-Credential

It will prompt you to enter the username and password. Please enter the username in this format: Domain\Username, i.e., in our case, Krossfarm\kfsvcapp.


New-SPManagedAccount -Credential $acct
Get-SPManagedAccount


As you see, the above commands register the krossfarm\kfsvcapp account as a managed account.


Now, we will set the Shell Admin permissions for this account. Let’s check which accounts already have permissions.

Get-SPShellAdmin

This will list all the accounts which have Shell Admin Access in the farm.


Now, grant Shell Access to Krossfarm\Kfsvcapp. Please run the below command.

Get-SPDatabase | Add-SPShellAdmin Krossfarm\kfsvcapp

The above command sets the Shell Admin permissions on all the databases, including Content Database, Config Database, and Service Database, as shown in the below image.


Remove Account

Now, we will remove the Krossfarm\kfwfm account from the managed accounts of the farm. Before removing it, we have to remove the Shell Admin permission of that account.


Get-SPShellAdmin
Remove-SPShellAdmin -UserName "krossfarm\kfwfm"


The above set of commands removed the user from the Shell Admin Access.


Now, we will remove the account from the farm.

Get-SPManagedAccount
Remove-SPManagedAccount -Identity "Krossfarm\kfwfm"
Get-SPManagedAccount


You will see the result in the output of the second Get-SPManagedAccount call.

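To check the grant and removal steps above across every database, the following added example (not part of the original article) lists each database's Shell Admin entries and flags any that are stale or not on an approved list. The $approved list and the <farm-admin-account> placeholder are assumptions to replace with your own values.

```powershell
# Added example: audit Shell Admin access after the changes above.
# Run in the SharePoint Management Shell as a farm admin with Shell Admin access.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Assumption: accounts expected to hold Shell Admin access in this farm.
# '<farm-admin-account>' is a placeholder; replace it with your own value.
$approved = @('krossfarm\kfsvcapp', 'krossfarm\<farm-admin-account>')

# The account this article removes; it should not appear on any database.
$removed = 'krossfarm\kfwfm'

# Collect every Shell Admin entry, database by database.
$report = foreach ($db in Get-SPDatabase) {
    foreach ($admin in Get-SPShellAdmin -database $db) {
        $status = if ($admin.UserName -ieq $removed) {
            'Stale'
        } elseif ($approved -icontains $admin.UserName) {
            'Approved'
        } else {
            'Unexpected'
        }
        [pscustomobject]@{
            Database = $db.Name
            UserName = $admin.UserName
            Status   = $status
        }
    }
}

# Anything not approved needs review; a Stale row means the removal was incomplete.
$report | Where-Object { $_.Status -ne 'Approved' } |
    Sort-Object UserName, Database | Format-Table -AutoSize

# Confirm the account is no longer registered as a managed account.
if (Get-SPManagedAccount | Where-Object { $_.Username -ieq $removed }) {
    Write-Warning "$removed is still a managed account."
}
```

A Stale row can be cleared by running Remove-SPShellAdmin with its -database parameter for the database named in that row.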

Repair Managed Account

Lastly, we have to repair one of the registered accounts, which has an out-of-sync password. We will run the repair command, which syncs all the registered accounts in the farm with app pools and services. Run the below command.

Repair-SPManagedAccountDeployment


You have to wait for a couple of minutes, depending upon your environment, i.e., the number of app pools, services, etc.


Conclusion

This concludes this article. We covered a total of 7 SharePoint PowerShell commands, from registering an account to granting the Shell Admin permission. We executed a scenario that touched all the listed commands.

Reference

Windows PowerShell for SharePoint Server 2016 reference
