Farm Admin
Two sets of users are allowed to do administrative functions for Microsoft: members of the administrators group for the local server computer and members of the SharePoint administration group. The SharePoint administration group is a Microsoft Windows domain group that is registered with it. Members of this domain group can do Central Administration tasks without having to be given administrator rights to the local server computer. This is particularly useful in a server Farm, because you can grant rights across the server Farm, rather than individually for each computer in the server Farm. This is also useful for applications that call into the administrative object model for whatever. If the application process can be configured to run as a member of the SharePoint administration group, it can create new sites, modify quota values for sites and so on.
Members of the SharePoint administration group can do SharePoint Central Administration tasks, but do not have access to the file system of the server or the IIS metabase, so they cannot perform actions on other applications running on the server, such as IIS, Microsoft SQL Server, ASP.NET and so on.
Members of the SharePoint administration group can perform any other administrative action using the HTML Administration pages or object model for. For example, members of the group can view and manage all sites created on their servers. This means that a member of the SharePoint administration group can read documents or list items, change survey settings, delete a site, or perform any action on a site that the site administrator can perform.
Get Farm admins
The following piece of code gets the users under the SharePoint Farm Administrator group.
- Function GetSPfarmAdministrators
- {
- $localServer = $env:computername
- write-host "Getting farm administartors list" -fore magenta
- $output = $scriptbase + "\" + "FarmAdmins.csv"
- "ServerName" + "," + "FarmAdmin" + "," + "DisplayName" | Out-File -Encoding Default -FilePath $Output;
- $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
- $adminsite = Get-SPweb($adminwebapp.Url)
- $AdminGroupName = $adminsite.AssociatedOwnerGroup
- $farmAdministratorsGroup = $adminsite.SiteGroups[$AdminGroupName]
- $FarmAdminUsers = $farmAdministratorsGroup.users
- foreach($user in $FarmAdminUsers)
- {
- write-host $user.name -fore cyan
- $localServer + "," + $user.Loginname + "," + $user.name | Out-File -Encoding Default -Append -FilePath Output;
- }
- write-host "Farm administrators details collectd" -fore green
- }
Add users or groups to Farm admin group.
- Function AddSPfarmAdministrator([string] $LoginName)
- {
- $ans = read-host "Do you want the user $LoginName to be added to the SP farm administrator group (y/n)? "
- if($ans -eq 'y')
- {
- $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
- $adminsite = Get-SPweb($adminwebapp.Url)
- $admingroup = $adminsite.AssociatedOwnerGroup
- write-host "Adding user $LoginName to the SP farm admin group" -fore cyan
- $adminsite.SiteGroups[$admingroup].AddUser($LoginName,"","","")
- write-host "User $LoginName added to successfully to the SP farm admin group" -fore green
- }
- else
- {
- write-host "User choose not to add the user to SP farm admin group"
- }
- }
Add users or groups from Farm admin group
- Function RemoveSPfarmAdministrator([string] $LoginName)
- {
- $ans = read-host "Do you want the user $LoginName to be removed from SP farm administrator group (y/n)? "
- if($ans -eq 'y')
- {
- $adminwebapp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
- $adminsite = Get-SPweb($adminwebapp.Url)
- $admingroup = $adminsite.AssociatedOwnerGroup
- write-host "Removing user $LoginName from SP farm admin group" -fore cyan
- $user = get-spuser $LoginName -web $adminwebapp.Url
- $adminsite.SiteGroups[$admingroup].RemoveUser($user)
- write-host "User $LoginName removed successfully from SP farm admin group" -fore green
- }
- else
- {
- write-host "User choose not to remove the user from SP farm admin group"
- }
- }
Complete Code
Conclusion
Thus this article has explained how to Get/Add/Remove users in a SharePoint administrator group using a PowerShell script.