Export (0) Print
Expand All

Assign administration of a User Profile service application (SharePoint Server 2010)

 

Applies to: SharePoint Server 2010

Topic Last Modified: 2011-11-10

Farm administrators can delegate administration of a specific User Profile service application to a service application administrator. A service application administrator can perform all of the administrative tasks related to that User Profile service application, but cannot manage other service applications or settings contained in Central Administration. For more information, see User Profile service application overview (SharePoint Server 2010).

Before you perform this procedure, confirm the following:

  • A User Profile service application is running in the farm.

In this article:

You typically use the Central Administration Web site to delegate administration of a User Profile service application in a stand-alone deployment.

To delegate administration of a User Profile service application by using Central Administration
  1. Verify that you have the following administrative credentials:

    • To use Central Administration, the user account that is performing this procedure must be a member of the Farm Administrators group.

  2. On the Central Administration Web site, in the Application Management section, click Manage service applications.

  3. In the list of service applications, click User Profile Service Application.

  4. On the Service Applications tab, in the Operations section, click Administrators.

  5. On the Administrators for User Profile Service Application page, type or select a user or group account and then click Add.

  6. In the Permissions for Administrator: box, check the Full Control permission level, and then click OK.

You typically use Windows PowerShell to delegate administration of a User Profile service application when you want to automate the task, which is common in enterprises.

To delegate administration of a User Profile service application by using Windows PowerShell
  1. Verify that you meet the following minimum requirements:

  2. On the Start menu, click All Programs.

  3. Click Microsoft SharePoint 2010 Products.

  4. Click SharePoint 2010 Management Shell.

  5. From the Windows PowerShell command prompt (that is, PS C:\>), type the following commands:

    1. To display a list of all service applications and their GUIDs, type the following command:

      Get-SPServiceApplication
      
    2. To create a variable that contains the GUID for the User Profile service for which you want to delegate Full Control, type the following command:

      $serviceapp = Get-SPServiceApplication <guid>
      

      Where <guid> is the GUID for the User Profile service for which you want to delegate Full Control.

    3. To create a variable that contains the list of administrators for the service application, type the following command:

      $security = Get-SPServiceApplicationSecurity $serviceapp -Admin
      
    4. To create a variable that contains the claims principal for a user account, type the following command:

      $principalUser1 = New-SPClaimsPrincipal -Identity "<domain\user>" -IdentityType WindowsSamAccountName
      

      Where <domain\user> is the user to whom you want to delegate Full Control.

    5. To give Full Control permissions to the claims principal you just created, type the following command:

      Grant-SPObjectSecurity $security -Principal $principalUser1 -Rights "Full Control"
      
    6. To apply the changes to the User Profile service application, type the following command:

      Set-SPServiceApplicationSecurity $serviceapp -ObjectSecurity $security -Admin
      

    For more information, see Get-SPServiceApplication, Get-SPServiceApplicationSecurity, New-SPClaimsPrincipal, Grant-SPObjectSecurity, and Set-SPServiceApplicationSecurity.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft