Create SharePoint service accounts with PowerShell

There are a few of these scripts around to create SharePoint service accounts with PowerShell, but I decided to create a new one, as SharePoint 2019 is coming, with a bit more functionality and error handling.
A good blog about the different service accounts needed can be found at https://absolute-sharepoint.com/2017/03/sharepoint-2016-service-accounts-recommendations.html
The general recommendation in this blog is to use different service accounts for each environment, which can easily be done with this script.

Using the script

The script needs the activedirectory module to function correctly.
Please install the Active Directory management tools to be able to use this module.
I recommend running this script on the domain controller or a management server with sufficient permissions.

PowerShell Gallery

The script has been uploaded to the PowerShell Gallery.
Start PowerShell as an administrator on a server/computer and run the following command:

Install-Script -Name Add-ServiceAccounts

Press Y if you want to add the default imported scripts location to the PATH environment variable.

Press Y to install and import the NuGet provider now as this is a “clean” server installation.

Press Y to install the scripts from the PSGallery and the script will be saved in the default location C:\Program Files\WindowsPowerShell\Scripts.
I always recommend first reading through the .ps1 file if you haven’t already read it at the PowerShell Gallery page.

You can now run the following command to create the service accounts:

Add-ServiceAccounts -OU "OU=Service Accounts,OU=SPFire,DC=sharepointfire,DC=com" -UPNSuffix "SharePointFire.com" -Prefix "SA_SP2019" -LogPath "C:\Install"

The service accounts have been created in the specified location.

You can also verify the log file and add the passwords to your password database.

Copy / Paste

The other option is to just copy and paste the code below into PowerShell as administrator.
Please note that the script below may not be the latest version, as the PowerShell Gallery script will always be more up to date!
You can add additional users more easily this way by simply updating the $Accounts variable with more users.

<#PSScriptInfo
.VERSION 2.3
.GUID a8d133a6-dc3b-4dbf-a6f5-1ea8abcbb7bd
.AUTHOR Maarten Peeters - SharePointFire - https://sharepointfire.com
.COMPANYNAME SharePointFire
.COPYRIGHT
.TAGS SharePoint, Active Directory, Service Accounts
.LICENSEURI
.PROJECTURI
.ICONURI
.EXTERNALMODULEDEPENDENCIES ActiveDirectory
.RELEASENOTES
Version 1.0: Original published version.
Version 2.0: Removed function
Version 2.1: Changed Admin to Install
Version 2.2: Fixed A positional parameter cannot be found that accepts argument
Version 2.3: Fixed A positional parameter cannot be found that accepts argument
#>

<#
.SYNOPSIS
Simple Function to create needed SharePoint service accounts

.DESCRIPTION
Simple Function to create needed SharePoint service accounts.
Each service account will receive a unique password.

.PARAMETER OU
Enter the full path to the OU where to add the service accounts.
For example: OU=Service Accounts,OU=SPFire,DC=sharepointfire,DC=com

.PARAMETER UPNSuffix
Enter the UPNSuffix to be used during creation
For example: sharepointfire.com

.PARAMETER Prefix
Specify the prefix to be used for the service accounts.
For example: SA_SP2019 which will create service accounts like SA_SP2019Farm and SA_SP2019Install

.PARAMETER LogPath
Enter the full path to store a .csv file (; delimited) of the created service accounts with their unique password
For example: C:\Install

.EXAMPLE
Add-ServiceAccounts.ps1 -OU "OU=Service Accounts,OU=SPFire,DC=sharepointfire,DC=com" -UPNSuffix "SharePointFire.com" -Prefix "SA_SP2019" -LogPath "C:\Install"

.NOTES
Version: 2.3
Author: Maarten Peeters
Creation Date: 29-07-2018
Purpose/Change: Fast creation of Service Accounts
#>

param(
    [Parameter(mandatory=$true)]
    [string] $OU,
    [Parameter(mandatory=$true)]
    [string] $UPNSuffix,
    [Parameter(mandatory=$true)]
    [string] $Prefix,
    [Parameter(mandatory=$true)]
    [string] $LogPath
)

#Array of accounts to be created. Add names if needed, for example a Visio Unattended user ID
$Accounts = "Install", "Farm", "Services", "Pool", "MySitePool", "Crawl", "Sync", "C2WTS", "SU", "SR"

try{
    #Verify if Active Directory Module is available
    if (Get-Module -ListAvailable -Name activedirectory) {
        #Import Active Directory Module
        import-module activedirectory -ErrorAction SilentlyContinue

        #Verify if the OU exists
        if(get-adorganizationalunit -Filter { DistinguishedName -eq $OU }) {

            #Test if logpath exists
            If(Test-Path $LogPath) { 
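                #Start with an empty log so nothing left over in the session is appended
                $Log = ""
                #Loop through all accounts and create them
                foreach($Account in $Accounts){
                    #Shuffle the character set and take the first 16 elements; ';' is left out because it is the delimiter of the log file
                    $Password = ([char[]]([char]33..[char]95) + ([char[]]([char]97..[char]126)) + 0..16 | Where-Object { "$_" -ne ';' } | Sort-Object {Get-Random})[0..15] -join ''
                    New-ADUser -Name "$($Prefix)$($Account)" -SamAccountName "$($Prefix)$($Account)" -DisplayName "$($Prefix)$($Account)" -UserPrincipalName "$($Prefix)$($Account)@$($UPNSuffix)" -Path $OU -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -force) -PassThru | out-null
                    #One line per account: name;password (no trailing space after the password)
                    $Log += "$($Prefix)$($Account);$($Password)`n"
                }
                #Write the log file; it holds the passwords in clear text
                $Log | out-file -FilePath "$($LogPath)\SharePointAccounts$((get-date).tostring('sshhMMddyyyy')).csv"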
                Write-Host "Accounts created and log located on $($LogPath)" -foregroundcolor green
            } Else { 
                Write-Host "The path $($LogPath) could not be found. Please enter a correct path to store the passwords" -foregroundcolor yellow
            }
        }  else  {
            Write-Host "The OU $($OU) could not be found. Please enter a correct OU to store the accounts" -foregroundcolor yellow
        }
    } else {
        Write-Host "Active Directory module not loaded. Please install Active Directory Management Tools" -foregroundcolor yellow
    }
}
catch{
    write-host "Error occurred: $($_.Exception.Message)" -foregroundcolor red
}

You will need to enter the parameters used for this script.

And these accounts will also be created correctly

With their unique passwords
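
A hardened variant of the password and log steps, as an added example that is not part of the published Add-ServiceAccounts script: it draws characters from the .NET cryptographic random number generator instead of shuffling with `Get-Random`, leaves out the `;` log delimiter, and restricts the log file's ACL to the current user before any password is written. The helper names `New-ServicePassword` and `New-RestrictedLog`, the 24-character length and the sample file name are assumptions.

```powershell
# Added example, not part of Add-ServiceAccounts.ps1.
# New-ServicePassword and New-RestrictedLog are hypothetical helper names.
function New-ServicePassword {
    param([int] $Length = 24)
    # Printable ASCII 33..126 without ';' (the log delimiter) and '"'.
    $Alphabet = [char[]](33..126) | Where-Object { $_ -ne [char]59 -and $_ -ne [char]34 }
    # Bytes at or above $Limit are discarded so the modulo below is unbiased.
    $Limit = 256 - (256 % $Alphabet.Count)
    $Rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $Byte  = New-Object byte[] 1
    try {
        do {
            $Sb = New-Object System.Text.StringBuilder
            while ($Sb.Length -lt $Length) {
                $Rng.GetBytes($Byte)
                if ($Byte[0] -lt $Limit) {
                    [void] $Sb.Append($Alphabet[$Byte[0] % $Alphabet.Count])
                }
            }
            $Password = $Sb.ToString()
            # Retry until upper case, lower case and a digit are all present,
            # which satisfies the three-category AD complexity rule.
        } until ($Password -cmatch '[A-Z]' -and $Password -cmatch '[a-z]' -and $Password -match '[0-9]')
    } finally { $Rng.Dispose() }
    $Password
}

function New-RestrictedLog {
    param([Parameter(Mandatory = $true)] [string] $Path)
    New-Item -Path $Path -ItemType File -Force | Out-Null
    $Acl = Get-Acl -Path $Path
    # Protect the ACL and drop inherited entries, then allow only the current user.
    $Acl.SetAccessRuleProtection($true, $false)
    $Me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $Rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Me, 'FullControl', 'Allow')
    $Acl.SetAccessRule($Rule)
    Set-Acl -Path $Path -AclObject $Acl
}

# Constructed sample run: two of the page's account names, log in the temp folder.
$LogFile = Join-Path $env:TEMP 'SharePointAccounts-example.csv'
New-RestrictedLog -Path $LogFile
foreach ($Account in 'Install', 'Farm') {
    $Password = New-ServicePassword
    # The script above would pass this value to New-ADUser -AccountPassword here.
    Add-Content -Path $LogFile -Value "SA_SP2019$Account;$Password"
}
```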

Hide / Disable Export to Spreadsheet

I got a question from a colleague where the customer has added an out of the box survey in SharePoint and granted the required users permissions to respond. The scenario has been recreated on my environment and the issue is that visitors/members can read other responses, even when it is specified that they are not allowed to view them, by using the Export to Spreadsheet action. This occurs in all SharePoint environments and I’ve created the scenario in SharePoint Online (Office 365). I would like to suggest using the Office 365 Forms app to build a survey when using Office 365!

I responded to a survey with my “External” account with edit permissions:

I changed the edit permissions to read and navigated to the “Overview” page.

I still have actions available and also Export to Spreadsheet

I was able to see all answers from all users.

Solution

There is no option to really disable this functionality, but we are able to hide the Actions tab. Hiding it only changes what the page shows; it does not change what the user is permitted to read.

You can hide the Actions tab using CSS or jQuery. I suggest applying the steps below to all .aspx pages used by the form, although Overview.aspx is the one hosting “Export to Spreadsheet”:

  • Overview.aspx
  • AllItems.aspx
  • Summary.aspx

CSS

Edit page

Add a Script Editor web part

Edit the snippet and add the CSS code below. It selects every element whose ID contains _ListActionsMenu_t and hides it.

<style>
*[id*='_ListActionsMenu_t']{ display:none; }
</style>

Insert and stop editing the page

The Actions menu is now hidden.

JQuery

I suggest using CSS and jQuery combined in case the browser does not support the wildcard selection from CSS.
Add the code below in the same Script Editor web part; you can also add it as a .js file to the site assets and reference that .js file.

<script src="//code.jquery.com/jquery-3.1.1.min.js"></script>
<script>
$(document).ready(function(){
    // Hide the toolbar cell that holds the Actions menu
    $("table.ms-menutoolbar tr td.ms-toolbar").has("span[id*='ListActionsMenu_t']").hide();
    // Hide the first separator in the toolbar
    $("table.ms-menutoolbar tr td.ms-separator:first").hide();
});
</script>

Insert and stop editing the page

PowerShell Office 365 Inventory tool

I’ve thought of creating a different tool after creating the PowerShell Office 365 tool a couple of days ago to improve my PowerShell coding and to make my work and that of my colleagues a little bit easier. The PowerShell Office 365 inventory tool lists a lot of information you would like to see when troubleshooting or getting information from a tenant you never connected to.

You can follow and download the PowerShell Office 365 Inventory Tool at GitHub: https://github.com/peetersm12/Office365Inventory-GUI

This PowerShell Office 365 Inventory tool will retrieve the following information:

  • Azure Active Directory Users
  • Azure Active Directory Deleted Users
  • Azure Active Directory External Users
  • Azure Active Directory Contacts
  • Azure Active Directory Groups
  • Azure Active Directory Licenses
  • Azure Active Directory Domains
  • Exchange Mailboxes
  • Exchange Archives
  • Exchange Groups
  • SharePoint Sites
  • SharePoint Webs

Please note that you will need a few prerequisites before you are fully able to run this tool:

Please let me know which information you would like to see added to this tool and I’ll add it as soon as possible.

[How to] PowerShell Office 365 Inventory Tool

Run ‘Start-Office365Inventory.ps1’. You will automatically be asked to run as administrator if you ran this as a normal user.

First connect to Office 365 by clicking on the credential logo, by pressing F4 or via the menu.

Fill in your credentials and press OK

You are connected successfully when the icons are green.

There are 2 possible actions now:

  • Navigate to a tab and run only this action
  • Press the run all button to run all available actions

Only the Azure Active Directory Licenses have been returned. You can verify which actions have been run on the home tab.

Now click on the run all actions button. You can see the progress on the Home tab.

Please note that you will need site collections permissions for the SharePoint Webs option as this uses CSOM to connect to the different webs.

You will receive the following message but it will continue looking for more webs

After all actions everything should be green

Run the action individually if you encounter an error as the exception will be shown in the below message center.

Reports
You can create a .CSV or .HTML file based on the items visible at any time in the view by clicking on the button next to the CSV Report.
The report will be saved to the report folder located in the script root.

The .CSV report will look like:
[screenshot: .CSV report]

The .HTML report will look like:
[screenshot: .HTML report]

It is also possible to create a .HTML file for all the available tabs in a nice format. Please note that this is still a work in progress, but it lists everything at the moment.

Error log
Some error information is displayed in the background PowerShell window, while other information is only readable in the error log.
Please send me this information and the message in the below message box if you encounter an error.
