Creating Additional SharePoint 2010 Farm Administrators

Lately, I have noticed that people are struggling with user accounts that need to be a SharePoint 2010 Farm Administrator. When you install SharePoint 2010 the active account will become a Farm Administrator (since it’s a member of Local Administrators in order to install software on the server) as well as the account you have set up for the SharePoint configuration database access. But it is very reasonable that you want other accounts to manage the farm daily. Accounts that are traceable to a real world person. In this blog post I want to sum up the actions you will need to take in order to create an additional full-blown Farm Administrator.

First step is to log into Central Administration with your current Farm Administrator account. Then open the link Manage the farm administrators group.

image

Click the New button to add your user account.

image

Enter the user name or select the user account you want to promote to Farm Administrator. Click OK.

Now, at this stage the user account can manage the farm by using Central Administration. If you

Second step is to logon the SharePoint server with the Farm Administrator account that you have used to install SharePoint or a Domain Administrator.

Then run the SharePoint 2010 Management Shell as Administrator. Now, you’ll need to give the user account PowerShell access to the SharePoint databases. So, when the account needs to manage solutions you will have to give PowerShell permissions to the SharePoint Configuration database.

Add-SPShellAdmin –username <youraccount>

Example:

image

This PowerShell cmdlet performs a couple of things. First, it adds the user account to the WSS_Admin_WPG group on ALL front-end webservers. This groups allows you to access SharePoint resources such as Logs and WebServices.

image

Then it also adds the user account to the SharePoint_Shell_Access role on the SharePoint database. If that database does not have this role yet, it will be created as well.

image

Back to the Add-SPShellAdmin cmdlet. If you do not specify a database, the SharePoint Configuration database is used.

If you have existing content database in the farm, you will have to use this cmdlet for every content database you want to manage by PowerShell.

Add-SPShellAdmin –username <youraccount> –database <contentdb>

Example:

image

All necessary steps are taken and you can test your account if it can perform all farm administrative tasks, both in Central Administration as well as with PowerShell.

Summary

Creating additional SharePoint Farm Administrators is not that hard to do. After adding the user to the Farm Administrators group in Central Administration, you should also use the PowerShell cmdlet Add-SPShellAdmin to give the user PowerShell access to the Farm and content databases.

More information about the cmdlet Add-SPShellAdmin: http://technet.microsoft.com/en-us/library/ff607596.aspx

4 thoughts on “Creating Additional SharePoint 2010 Farm Administrators

  1. Annemie

    Very nice article, except you need to provide the GUID of the database when using Add-SPShellAdmin, not the databasename.
    In your case it would look like this:

    Add-SPShellAdmin -UserName OCHADEVOctavie -Database (Get-SPContentDatabase -Identity WSS_content_DB)

Leave a Reply

Your email address will not be published. Required fields are marked *