Grant user account Farm Administrator permissions with PowerShell

We had an “unexpected” issue at a customer which I troubleshooted. I was unable to connect to the Central Administration and I tried to add my account to the Farm Administrators group using PowerShell as a possible solution. The issue occurred on a SharePoint 2013 environment but the below screenshots have been taken from a SharePoint 2019 environment.

First start the SharePoint 2019 Management Shell as administrator

Use the below commands to retrieve the current Farm Administrators

$WebApp = get-spwebapplication -includecentraladministration | where-object {$_.DisplayName -like "SharePoint Central Administration*"}
$Web = Get-SPweb($WebApp.Url)
$FarmAdminGroup = $Web.SiteGroups["Farm Administrators"]
$FarmAdminGroup.users

Next run the following commands to add the user to the Farm Administrators group.

$user = "Domain\UserID"
$FarmAdminGroup.AddUser($user, "", $user, "")

You can run the following commands again to retrieve the list of current Farm Administrators.

$FarmAdminGroup = $Web.SiteGroups["Farm Administrators"]
$FarmAdminGroup.users

Generate a new secure password with PowerShell

The PowerShell Gallery is a perfect solution to store your own scripts which you use on a regular basis where other people can use them to. In this case I added my script to generate a new secure password with PowerShell where you only need to specify the length required. There are a lot of times where you need to create a new password for example the AD recovery password, SharePoint farm passphrase or just for a user account. The password will have uppercase, lowercase and special characters.

The script can be found at  https://www.powershellgallery.com/packages/New-SecurePassword.
I always recommend reading the code first as this is a script from the internet which can be found after clicking on “Show” at “FileList”

image

You can install the script using the below command

Install-Script -Name New-SecurePassword

image

Press Y if you want to install the script from the PSGallery where you can then just enter the following command to generate a new secure password with PowerShell.

New-SecurePassword.ps1 -Length 16

image

The password is readable using Write-Host but also copied directly to the clipboard.

PowerShell Office 365 Inventory tool

I’ve thought of creating a different tool after creating the PowerShell Office 365 tool a couple of days ago to improve my PowerShell coding and to make my work and that of my colleagues a little bit easier. The PowerShell Office 365 inventory tool lists a lot of information you would like to see when troubleshooting or getting information from a tenant you never connected to.

You can follow and download the PowerShell Office 365 Inventory Tool at GitHub: https://github.com/peetersm12/Office365Inventory-GUI

This PowerShell Office 365 Inventory tool will retrieve the following information:

  • Azure Active Directory Users
  • Azure Active Directory Deleted Users
  • Azure Active Directory External Users
  • Azure Active Directory Contacts
  • Azure Active Directory Groups
  • Azure Active Directory Licenses
  • Azure Active DIrectory Domains
  • Exchange Mailboxes
  • Exchange Archives
  • Exchange Groups
  • SharePoint Sites
  • SharePoint Webs

Please note that you will need a few pre-requisites before fully able to run this tool:

Please let me know which information you would like to see added to this tool and I’ll add this is as soon as possible.

FrontWindow2

[How to] PowerShell Office 365 Inventory Tool

image

Run ‘Start-Office365Inventory.ps1’. You will automatically be asked to run as administrator if you ran this as a normal user.

image

First Connect to Office 365 by clicking on the credential logo, by pressing f4 or via the menu

image
Fill in your credentials and press OK

image

You are connecting successfully when the icons are green.

There are 2 possible actions now:

  • Navigate to a tab and run only this action
  • Press the run all button to run all available actions

image

Only the Azure Active Directory Licenses have been returned. You can verify which actions have been run on the home tab.

image

Now click on the run all actions button. You can see the progress on the Home tab.

Please note that you will need site collections permissions for the SharePoint Webs option as this uses CSOM to connect to the different webs.

You will receive the following message but it will continue looking for more webs

image

After all actions everything should be green

image

Run the action individually if you encounter an error as the exception will be shown in the below message center.

Reports
You can create a .CSV or .HTML file based on the items visible at any time in the view by clicking on the button next to the CSV Report.
The report will be saved to the report folder located in the script root.

The .CSV report will look like:
report1

The .HTML report will look like:
report2

It is also possible to create a .HTML file for all the available tabs in a nice format. Please note that this is still a work in progress but it will lists everything at the moment.

report3

Error log
Some error information is displayed on the background PowerShell window as other information is only readable using the errorlog.
Please send me this information and the message in the below message box if you encounter an error.

image