SharePoint 2013 Service Account Creator
This project consists of a PowerShell script, some XML input files, which together provide a fully automated creation of the Service Accounts required for SharePoint Server 2013.
The project comes with three different sets of Service Accounts for both SQL and SharePoint. You have the low, medium and high security option. The Higher Security, the more accounts you have in order to better achieve the Least Privilege Service Accounts.
However, there is also an XML file you can define and create what users you want!
Although the Project Name is "SharePoint 2013.." , those service accounts also work for SharePoint 2010.
The three levels of pre-defined Service accounts are based on my post you can find here: http://www.absolute-sharepoint.com/2013/01/sharepoint-2013-service-accounts-best.html.
How to use the script
- You must be logged in on a Domain Controller.
- You must be logged in as a Domain Administrator
Using the script.
First of all, decide what level of Service accounts you want to use by reading the following article: http://www.absolute-sharepoint.com/2013/01/sharepoint-2013-service-accounts-best.html .
Modifying the XML Files
You can either leave the accounts as is, if you're happy with the accounts or you can modify the name, but not the structure. You will notice there is a Password field for every account. Only set it if you want a different password for every
account. If you want the same password for all the accounts, the script will prompt you for it.
-Level low, medium, high, ,custom Mandatory
Will create the service accounts from either ServiceAccountslow.xml or ServiceAccountsmed.xml or ServiceAccountshigh.xml or ServiceAccountsCustom.xml
By default, an Organizational Unit named "SharePoint Service Accounts" will be created. If you want to name it differently, set this parameter.
-SQLLevel low, medium, high, ,custom Optional
By default. the Script only creates the SharePoint Service Accounts. However, if you need it to create the SQL ones as well, use the -sqllevel parameter which will chose what level of service
accounts you want. It will create the service accounts from either sqllow.xml , sqlmed.xml, sqlhigh.xml or sqlcustom.xml
-Optional Accounts true/false. Default = False. Optional
Tell the script if it should create the Optional Service accounts for the Acces, Performance Point, Excel, Visio and the two cache users.
.\sp2013serviceaccounts.ps1 -level medium -CustomOu MyServiceAccounts
This command will create the service accounts in ServiceAccountsMed.xml and also create and put them in an OU called "MyServiceAccounts"
\sp2013serviceaccounts.ps1 -level high -SQLLevel high
This command will create the service accounts in ServiceAccountsHigh.xml and also create the SQL service accounts in sqlhigh.xml and put them in the default OU called "SharePoint Service Accounts"
.\sp2013serviceaccounts.ps1 -level high -SQLLevel high -OptionalAccounts $true
This command will create the service accounts in ServiceAccountsHigh.xml, create the SQL service accounts in sqlhigh.xml . It will also include the Optional Accounts. It will put them in the default OU called "SharePoint Service Accounts"
-24 February 2013: Beta version 1 is out!. New Features:
- Include the Custom level
- When creating users, added with what password they were created (XML or Default)
- Added the Optional Service Accounts for the Enterprise Service Applications