Export (0) Print
Expand All

Remove administrators from User Profile service applications in SharePoint Server 2013

 

Applies to: SharePoint Server 2013 Standard, SharePoint Server 2013 Enterprise

Topic Last Modified: 2014-07-03

Summary: Learn how to remove a service application administrator from a User Profile service application in SharePoint Server 2013.

Farm administrators can remove a service application administrator from a User Profile service application. For example, the account for a user who leaves the organization should be removed from the list of service application administrators. Another reason for the removal is when a service application administrator is no longer required. For more information about administrators, see Choose administrators and owners for the administration hierarchy in SharePoint 2013.

ImportantImportant:
This article applies to only SharePoint Server 2013.

In this article:

Before you begin this task, review the following information about prerequisites:

  • A User Profile service application is running in the farm.

NoteNote:
Because SharePoint 2013 runs as websites in Internet Information Services (IIS), administrators and users depend on the accessibility features that browsers provide. SharePoint 2013 supports the accessibility features of supported browsers. For more information, see the following resources:

You typically use the SharePoint Central Administration website to remove an administrator from a User Profile service application in a small deployment, such as a single-server deployment, or in an environment where you don’t have to automate the task.

To remove an administrator from a User Profile service application by using Central Administration
  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group.

  2. Start SharePoint 2013 Central Administration.

    • For Windows Server 2008 R2:

      • Click Start, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Central Administration.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Central Administration.

        If SharePoint 2013 Central Administration is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Central Administration.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012 R2 and Windows Server 2012.

  3. On Central Administration, in the Application Management section, click Manage service applications.

  4. In the list of service applications, click User Profile Service Application.

  5. On the Service Applications tab, in the Operations group, click Administrators.

  6. On the Administrators for User Profile Service Application page, select a user or group account, click Remove, and then click OK.

You typically use Windows PowerShell to remove an administrator from a User Profile service application when you want to automate the task, which is common in enterprises.

To remove an administrator from a User Profile service application by using Windows PowerShell
  1. Verify that you have the following memberships:

    • securityadmin fixed server role on the SQL Server instance.

    • db_owner fixed database role on all databases that are to be updated.

    • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

    An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2013 cmdlets.

    NoteNote:
    If you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about Windows PowerShell permissions, see Add-SPShellAdmin.
  2. Start the SharePoint 2013 Management Shell.

    • For Windows Server 2008 R2:

      • On the Start menu, click All Programs, click Microsoft SharePoint 2013 Products, and then click SharePoint 2013 Management Shell.

    • For Windows Server 2012:

      • On the Start screen, click SharePoint 2013 Management Shell.

        If SharePoint 2013 Management Shell is not on the Start screen:

      • Right-click Computer, click All apps, and then click SharePoint 2013 Management Shell.

    For more information about how to interact with Windows Server 2012, see Common Management Tasks and Navigation in Windows Server 2012.

  3. At the Windows PowerShell command prompt, do the following:

    • To get a list of all service applications and their GUIDs, type the following command:

      Get-SPServiceApplication
      
    • To create a variable that contains the GUID of the User Profile service application for which you want to remove an administrator, type the following command:

      $serviceapp = Get-SPServiceApplication <guid>
      

      Where <guid> is the GUID for the User Profile service for which you want to remove a service application administrator.

    • To create a variable that contains the list of administrators for the User Profile service application, type the following command:

      $security = Get-SPServiceApplicationSecurity $serviceapp -Admin
      
    • To create a variable that contains the claims principal for a user account, type the following command:

      $principalUser1 = New-SPClaimsPrincipal -Identity "<domain\user>" -IdentityType WindowsSamAccountName
      

      Where <domain\user> is the administrator you want to remove.

    • To remove the user from the list of service application administrators, type the following command:

      Revoke-SPObjectSecurity $security -Principal $principalUser1
      
    • To apply the changes to the User Profile service application, type the following command:

      Set-SPServiceApplicationSecurity $serviceapp -ObjectSecurity $security -Admin
      

For more information, see Get-SPServiceApplication, Get-SPServiceApplicationSecurity, Revoke-SPObjectSecurity, and Set-SPServiceApplicationSecurity.

NoteNote:
We recommend that you use Windows PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft