Managed accounts are Active Directory User accounts whose credentials are managed and contained within SharePoint.
Managed account credentials are encrypted using a Farm encryption key, which is based on the Passphrase specified at the time PSConfig (SharePoint Product Configuration Wizard) is run.
This Passphrase is stored in a secure registry location and can only be accessed by a Farm account, while the Farm Encryption Key is stored in the configuration database.
In this article, we will be going through the steps and PowerShell Scripts involved in automating the process of registering managed accounts in SharePoint 2016.
- Launch Central Administration site.
- Click Security option in the left navigation menu.
- Under Security, we can see the option Configure Managed Accounts.
- On the Managed Accounts screen, we can see the list of Managed Accounts, which are already registered with SharePoint.
In order to register the Managed Account using UI, we can click the link, Register Managed Account.
If we try to register an account that is not a valid Active Directory User account, we will encounter a SharePoint exception, as shown below, so be careful when planning to register accounts in bulk with PowerShell-driven solutions.
Since this article is all about automating the process of registering managed accounts, we will look at the PowerShell Scripts used to achieve this.
PowerShell commands
- Initialize the variable holding valid Active Directory User account information.
$userNameWithDomain = "Prashant\prashant-bansal"
Word of Advice
While working on Reusable PowerShell Scripts, user information should be taken as an input from external CSV files to make them more flexible.
- Convert the password to a secure string, or make use of the "Get-Credential" cmdlet instead.
$password = ConvertTo-SecureString "Prashant123456" -AsPlainText -Force
$sharePointCredential = New-Object System.Management.Automation.PSCredential $userNameWithDomain, $password
- Call the "New-SPManagedAccount" cmdlet and pass the credential object to it to register the account with SharePoint 2016.
New-SPManagedAccount $sharePointCredential
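The following is an added example, not part of the original article: it combines the advice above by reading account names from a CSV file, skipping names that do not resolve in the directory (the case that raises the SharePoint exception) and prompting for each password with Get-Credential instead of embedding it in the script. The CSV path, its "Account" column and the helper name Test-AccountResolves are assumptions made for illustration.

```powershell
# Added example: bulk registration from a CSV file with no passwords in the script.
# Assumptions (not from the article): the CSV path and its single "Account" column.
param(
    [string]$CsvPath = 'C:\Scripts\managed-accounts.csv'   # hypothetical path
)

# Load the SharePoint cmdlets when not running in the SharePoint 2016 Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Hypothetical helper: $true when DOMAIN\user resolves to a SID (the principal exists).
function Test-AccountResolves {
    param([Parameter(Mandatory)][string]$Name)
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Name)
        [void]$nt.Translate([System.Security.Principal.SecurityIdentifier])
        return $true
    } catch [System.Security.Principal.IdentityNotMappedException] {
        return $false
    }
}

# Names already registered as managed accounts, so reruns do not fail on duplicates.
$registered = Get-SPManagedAccount | ForEach-Object { $_.Username }

foreach ($row in Import-Csv -Path $CsvPath) {
    $name = $row.Account.Trim()
    if (-not (Test-AccountResolves -Name $name)) {
        Write-Warning "Skipping '$name': does not resolve to a security principal."
        continue
    }
    if ($registered -contains $name) {
        Write-Host "Skipping '$name': already registered."
        continue
    }
    # Prompt for the password; it stays a SecureString and is never written to disk.
    $credential = Get-Credential -UserName $name -Message "Password for $name"
    if (-not $credential) { continue }   # prompt was cancelled
    try {
        New-SPManagedAccount -Credential $credential -ErrorAction Stop | Out-Null
        Write-Host "Registered '$name'."
    } catch {
        Write-Warning "Failed to register '$name': $($_.Exception.Message)"
    }
}
```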
Execution
- Launch SharePoint 2016 Management Shell.
- Run PowerShell commands, which we discussed above.
Once the commands are executed successfully, we can go back to the Managed Accounts screen to see the new entry, which gets added to the list of registered Managed Accounts, as shown below.
You can verify the properties of a Managed Account by choosing the Edit option for the specific account, as shown below.
Hope you found it helpful.