Configure Domain Accounts for Windows SharePoint Services Processes

Cc526702.chm_head_left(en-us,TechNet.10).gif Cc526702.chm_head_middle(en-us,TechNet.10).gif Cc526702.chm_head_right(en-us,TechNet.10).gif

Configure Domain Accounts for Windows SharePoint Services Processes

You must create three domain user accounts for Microsoft Windows SharePoint Services and processes in your environment.

The three user accounts needed are as follows:

  • SharePoint Service Account: FABRIKAM\SharePoint_AppID

    This account is the Windows SharePoint Services version 3.0 service account and is used to access your Windows SharePoint Services configuration database. It also acts as the application pool identity for the SharePoint Central Administration application pool, and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies Configuration Wizard adds this account to the Microsoft SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. The user account that you specify as the Windows SharePoint Services version 3.0 service account must be a domain user account, but it does not need to be a member of any specific security group on your front-end servers or your back-end database servers. It is recommended that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group on your front-end servers or your back-end servers.

  • Search Service Account: FABRIKAM\SharePointSrchSvc

    A unique domain user account under which the Windows SharePoint Services Search service can run.

  • Search Crawler Account: FABRIKAM\SharePointSrchCrl

    A unique domain user account that is used to crawl content on your sites and create indexes. This user account will be added to the Web application Full Read policy for your farm.

Tasks

  1. Create Service Accounts for Windows SharePoint Services

Create Service Accounts for Windows SharePoint Services

Procedure DWSH.1: To create service accounts for Windows SharePoint Services

  1. On AD01, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Expand your domain (fabrikam.com).
  3. Right-click Users, point to New, and then click User.
  4. In the New Object-User dialog box, type SharePoint_AppID as the First name and the User logon name, and then click Next.
  5. In the next New Object - User dialog box, clear the User must change password at next logon check box. Enter the password twice, and then select Password never expires.
  6. Click Next. Verify the information you have entered, and then click Finish.
  7. Repeat steps 4 - 7 to create the user accounts SharePointSrchSvc and SharePointSrchCrl.
  8. Add all three of these user accounts to the Windows-based Hosting Service Accounts group located in the Users container.