Managed accounts are Active Directory User accounts whose credentials are managed by and contained within in SharePoint.
Managed account credentials are encrypted using a farm encryption key at the time of run PSConfig (SharePoint Product Configuration Wizard) based on the Passphrase specified.
This Passphrase remains stored in secure registry location and can only be accessed by Farm Account while Farm Encryption Key remains stored in the configuration database.
In this article we will be going through the Steps and PowerShell Scripts involved in automating the process of Registering Managed Accounts in SharePoint 2016.
- Launch Central Administration Site
- Click on “Security” option in the left navigation menu
- Under Security we can see the option “Configure Managed Accounts”
- On Managed Accounts Screen we can see the list of Managed Account already registered with SharePoint
In order to register the Managed Account using UI we can click the link “Register Managed Account”
And if we try to register the account which is not the valid Active Directory User Account, we would encounter the SharePoint Exception as shown below, so be careful while planning for registering in bulk by using PowerShell Driven Solutions.
Since this article is all about on automating register Managed Accounts process so we will see the PowerShell Scripts to be used to achieve this.
- Initialize variable holding valid Active Directory User account information
$userNameWithDomain = "Prashant\prashant-bansal"
Word of Advice
While working on Reusable PowerShell Scripts User information should be taken as input from external CSV files to make it much more flexible
- Convert the Password to a Secure String or you can make use of “Get-Credential” cmdlet as well
$password = ConvertTo-SecureString "Prashant123456" -AsPlainText -Force $sharePointCredential = New-Object System.Management.Automation.PSCredential $userNameWithDomain, $password
- Call “New-SPManagedAccount” cmdlet and pass on the credential object to it to get it registered with SharePoint 2016
- Launch “SharePoint 2016 Management Shell”
- Run the PowerShell Commands we discussed above
Once the commands get executed successfully we can go back to Managed Account Screen to the new entry that gets added to the list of registered Managed Accounts as shown below:
You can verify the properties of Managed Account by choosing for Editing option for the specific Account as shown below:
And we are done!!!
Hope you find it helpful.