Configure Domain Accounts for Windows SharePoint Services Processes

  • Article

You must create three domain user accounts for Microsoft Windows SharePoint Services and processes in your environment.

The three user accounts needed are as follows:

  • SharePoint Service Account: FABRIKAM\SharePoint_AppID

    This account is the Windows SharePoint Services version 3.0 service account and is used to access your Windows SharePoint Services configuration database. It also acts as the application pool identity for the SharePoint Central Administration application pool, and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies Configuration Wizard adds this account to the Microsoft SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. The user account that you specify as the Windows SharePoint Services version 3.0 service account must be a domain user account, but it does not need to be a member of any specific security group on your front-end servers or your back-end database servers. It is recommended that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group on your front-end servers or your back-end servers.

  • Search Service Account: FABRIKAM\SharePointSrchSvc

    A unique domain user account under which the Windows SharePoint Services Search service can run.

  • Search Crawler Account: FABRIKAM\SharePointSrchCrl

A unique domain user account that is used to crawl content on your sites and create indexes. This user account will be added to the Web application Full Read policy for your farm.

Tasks

  1. Create Service Accounts for Windows SharePoint Services

Create Service Accounts for Windows SharePoint Services

In this procedure, you will create the SharePoint_AppID, SharePointSrchSvc, and SharePointSrchCrl service accounts. You will also add the SharePoint_AppID account to the Windows-based Hosting Service Accounts group.

Procedure W08-DWSH.1: To create service accounts for Windows SharePoint Services

  1. On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).

  2. Create three new user accounts SharePoint_AppID, SharePointSrchSvc, and SharePointSrchCrl. Set their passwords to never expire.

    Note

    The account cannot have a blank password or a password that will expire.

  3. Add the SharePoint_AppID account as a member of the Windows-based Hosting Service Accounts group.