Question: How to run SharePoint using a non-domain admin account?
Answer: Many organizations do not wish to use their core Domain Admin account to configure SharePoint application servers. To meet that need, SharePoint can be configured with a non-domain admin account. To do so, follow the steps below:
1. Log on the Hosting Controller Provisioning service with a non-admin account on the SharePoint server.
After Operating System 2016, a web-based service is not accessible if it runs under a non-admin (local or domain) account. Because the HC Provisioning Service will run under the delegate SP account, execute the following command on all SharePoint front-end servers.
Open cmd by running it as administrator:
    netsh http add urlacl url=http://+:8796/ user=ad22\HCSP
2. Execute this command in the SharePoint Management Shell:
    Add-SPShellAdmin -UserName AD22\HCSP
3. Connect with SQL Server Management Studio to the MSSQL Server that hosts the SharePoint application. Navigate to Security > Logins and find the non-admin user (HCSP).
   a. Assign the following DB schema “db_owner, db_securityadmin, SharePoint_Shell_Access, SPDataAccess” for the databases below:
      i. SharePoint_AdminContent
      ii. SharePoint_Config
      iii. WSS_Content
   b. Assign the following server roles: “dbcreator, securityadmin, sysadmin”
4. If you intend to use the same HCSP account for Active Directory operations, make sure it has Full Control (“CREATE/READ/UPDATE/DELETE”) permissions on the root of the hosted OU.
5. Execute the following commands, in the order listed, in the SharePoint Management Shell.
CMD 1: to retrieve the current Farm Administrators
    $WebApp = Get-SPWebApplication -IncludeCentralAdministration | Where-Object {$_.DisplayName -like "SharePoint Central Administration*"}
    $Web = Get-SPWeb $WebApp.Url
    $FarmAdminGroup = $Web.SiteGroups["Farm Administrators"]
    $FarmAdminGroup.Users
CMD 2: to add the user to the Farm Administrators group
    $user = "ad22\hcsp"
    $FarmAdminGroup.AddUser($user, "", $user, "")
CMD 3: to retrieve the list of current Farm Administrators
    $FarmAdminGroup = $Web.SiteGroups["Farm Administrators"]
    $FarmAdminGroup.Users
6. Grant permission on the web application. Log in to the farm's Central Administration as a farm administrator and go to Application Management > Web Applications > Manage Web Applications.
Select the web application that will be used in the HC Control Panel, click “User Policy” > Add User, select the HCSP user, and give it Full Control permissions.
7. Add the user “HCSP” to the local group WSS_ADMIN_WPG on the SharePoint FE servers.
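To confirm that the shell-visible steps above took effect for AD22\HCSP, the following added example (not Hosting Controller's own code) checks the URL reservation, the shell admin entry, Farm Administrators membership, the web application user policy, and WSS_ADMIN_WPG membership. It assumes Windows PowerShell 5.1 for Get-LocalGroupMember, uses illustrative variable names, and does not cover the SQL Server or Active Directory steps.

```powershell
# Added verification example, not Hosting Controller's code.
# Run in an elevated SharePoint Management Shell on each front-end server.
$Account = 'AD22\HCSP'        # account used on this page
$Url     = 'http://+:8796/'   # URL reservation from step 1
# Matches plain (AD22\HCSP) and claims-encoded (i:0#.w|ad22\hcsp) login names
$Pattern = '(^|\|)' + [regex]::Escape($Account) + '$'
$Checks  = [ordered]@{}

# Step 1: the URL ACL for the provisioning port names the account
$Acl = netsh http show urlacl url=$Url | Out-String
$Checks['URL ACL on ' + $Url] = $Acl -match [regex]::Escape($Account)

# Step 2: the account is a SharePoint shell admin
$Checks['SPShellAdmin'] = [bool](Get-SPShellAdmin |
    Where-Object { $_.UserName -match $Pattern })

# Step 5: the account is in the Farm Administrators group
$CA  = Get-SPWebApplication -IncludeCentralAdministration |
    Where-Object { $_.IsAdministrationWebApplication }
$Web = Get-SPWeb $CA.Url
try {
    $Admins = $Web.SiteGroups['Farm Administrators'].Users
    $Checks['Farm Administrators'] = [bool]($Admins |
        Where-Object { $_.LoginName -match $Pattern })
} finally {
    $Web.Dispose()   # SPWeb objects hold unmanaged resources
}

# Step 6: web applications where the account has a Full Control user policy
$FullControl = Get-SPWebApplication | Where-Object {
    $_.Policies | Where-Object {
        $_.UserName -match $Pattern -and
        ($_.PolicyRoleBindings | Where-Object { $_.Type -eq 'FullControl' })
    }
}
$Checks['Full Control user policy'] = [bool]$FullControl

# Step 7: membership of the local WSS_ADMIN_WPG group
$Members = Get-LocalGroupMember -Group 'WSS_ADMIN_WPG' -ErrorAction SilentlyContinue
$Checks['WSS_ADMIN_WPG member'] = [bool]($Members |
    Where-Object { $_.Name -eq $Account })

# One line per check, then the web applications found for step 6
$Checks.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
$FullControl | ForEach-Object { 'Full Control policy on: ' + $_.Url }
```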
For any further queries regarding Hosting Controller, do not hesitate to contact us.