SharePoint Farm User Accounts

When you deploy a SharePoint farm, you need a set of user accounts with the proper roles and permissions. In this blog post I share the list of recommended user accounts required for a SharePoint 2016 farm, along with their roles.

I will share the installation details in later blog posts. Below are the user accounts required for SQL Server and SharePoint:

User Accounts for SQL Server

| Name | Description | Local Rights | Domain Rights |
|---|---|---|---|
| SQLAdmin | SQL Admin on the SQL Server. It needs Local Administrator rights in order to install the SQL server. | Local Administrator on the SQL Server | Domain User |
| SQLServices | It is the service account for the following SQL Server services: MSSQLSERVER, SQLSERVERAGENT. | None | Domain User |

User Accounts for SharePoint Server

| Name | Description | Local Rights | Domain Rights |
|---|---|---|---|
| SPFarm | The server farm account is used to perform the following tasks: configure and manage the server farm; act as the application pool identity for the SharePoint Central Administration Web site; run the Microsoft SharePoint Foundation Workflow Timer Service. | SecurityAdmin and DB_Creator rights on the SQL Instance. Local Administrator during installation and upgrades. | Domain User |
| SPAdmin | The server farm account is used to perform the following tasks: Setup; SharePoint Products Configuration Wizard. | Local Administrator on all the SharePoint Servers. SecurityAdmin and DB_Creator rights on the SQL Instance. | Domain User |
| SPPool | The Pool account is used to run the Web Application Pools. | None | Domain User |
| SPServices | The Services Account is used to run the Service Application Pool. | None | Domain User |
| SPCrawl | The Default Content Access Account for the Search Service Application. | None | Domain User |
| SPSearch | Service Account to run the SharePoint Search "Windows Service". | None | Domain User |
| SPUserProfiles | The User Profile Synchronization Account. | None | Replicate Directory Changes permission on the domain. |

Account Details

SQLAdmin: This will be your main SQL Administrator. It needs Local Administrator rights in order to install SQL Server.

SQLServices: This account does not have any local rights. It is only used to run the SQL Agent and Database Engine Windows services.

SPFarm is a domain account that the SharePoint Timer service and the web application for Central Administration use to access the SharePoint content database. This account does not need to be a local administrator. The SharePoint configuration wizard grants the proper minimal privilege in the back-end SQL Server database. The minimum SQL Server privilege configuration is membership in the roles securityadmin and dbcreator.

SPAdmin is a domain account you use to install the farm. It is the account used to run the SharePoint Configuration Wizard. The SPAdmin account is the only account that requires local Administrator rights. To configure the SPAdmin account in a minimum privilege scenario, it should be a member of the roles securityadmin and dbcreator on the SQL Server.

SPPool is a domain account used for the application pool identity. For example, when you create a Web Application and create a pool for it, you select this account.

SPServices is a domain account used for the Service Application Pools. For example, when you create a Managed Metadata Service application and create a pool for it, you select this account.

SPCrawl is used within the Search Service Application to crawl content. The Search Service Application will automatically grant this account read access on all Web Applications.

SPSearch is used to run the SharePoint Windows Search Service.

SPUserProfiles is the account used for the User Profile Synchronization between your Service Application and your Active Directory. This account does not need any local rights. However, you need to give it Replicate Directory Changes rights on the Active Directory in order to allow the synchronization.
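
The rights listed above can be checked against a running farm. The script below is an added example, not part of the original post: it reports any of these accounts that sits in a local Administrators group where the tables do not call for it, or that holds a SQL Server fixed server role beyond securityadmin and dbcreator. The domain name CONTOSO and the server names SP01, SP02 and SQL01 are assumptions, and the script expects PowerShell remoting and the SqlServer module to be available.

```powershell
# Assumed environment (not from the original post): adjust before running.
$Domain    = 'CONTOSO'
$SpServers = @('SP01', 'SP02')
$SqlServer = 'SQL01'

# Expected state, taken from the two tables in the post.
$Accounts = 'SQLAdmin', 'SQLServices', 'SPFarm', 'SPAdmin', 'SPPool',
            'SPServices', 'SPCrawl', 'SPSearch', 'SPUserProfiles'
$LocalAdminOn = @{ SQLAdmin = @($SqlServer); SPAdmin = $SpServers }
$SqlRoles     = @{ SPFarm  = 'securityadmin', 'dbcreator'
                   SPAdmin = 'securityadmin', 'dbcreator' }
$findings = @()

# 1. Direct membership in local Administrators (nested groups are not expanded).
foreach ($server in @($SpServers) + $SqlServer) {
    $admins = Invoke-Command -ComputerName $server -ScriptBlock {
        (Get-LocalGroupMember -Group 'Administrators').Name
    }
    foreach ($acct in $Accounts) {
        $isAdmin = $admins -contains ('{0}\{1}' -f $Domain, $acct)
        if ($isAdmin -and ($LocalAdminOn[$acct] -notcontains $server)) {
            # SPFarm is listed as local admin only during installation and upgrades.
            $note = if ($acct -eq 'SPFarm') { 'remove after install/upgrade' } else { 'not expected' }
            $findings += [pscustomobject]@{ Scope = $server; Account = $acct
                                            Issue = "Local Administrators: $note" }
        }
    }
}

# 2. SQL Server fixed server roles held by the SharePoint accounts.
$query = @'
SELECT m.name AS LoginName, r.name AS RoleName
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
'@
$rows = Invoke-Sqlcmd -ServerInstance $SqlServer -Query $query   # SqlServer module
foreach ($acct in ($Accounts -like 'SP*')) {
    $login = '{0}\{1}' -f $Domain, $acct
    $held  = @($rows | Where-Object { $_.LoginName -eq $login } | ForEach-Object { $_.RoleName })
    foreach ($role in $held) {
        if ($SqlRoles[$acct] -notcontains $role) {
            $findings += [pscustomobject]@{ Scope = $SqlServer; Account = $acct
                                            Issue = "Unexpected server role: $role" }
        }
    }
}
$findings | Format-Table -AutoSize
```

An empty result means every account matches the tables; a row for SPPool, SPServices, SPCrawl, SPSearch or SPUserProfiles means an account listed with no local rights has gained more than the post assigns it.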

Adnan Amin
Adnan is a two-time SharePoint MVP (Most Valuable Professional) with over 12 years of extensive experience and major expertise in SharePoint Server, Office 365, .Net Platform and Microsoft BI. He is currently working as a SharePoint Architect at FMT Consultants. He has been the MCT Regional Lead for the Pakistan Chapter since 2012. He has worked on SharePoint for the past nine years, on different intranet/intranet solutions for the private and government sectors, mainly in the Gulf region, including OOB and customized solutions. He is a trainer and technology evangelist, and also speaks in community forums.
