Join me at Google+ ...
August 14, 2008 - 11 Comments  

Install SharePoint 2007 on Windows Server 2008 and SQL Server 2008 - Part 3: Domain Accounts

This article is a part of a series describing the installation of Microsoft Office SharePoint Server 2007 (MOSS) on a Windows Server 2008 with the newly released SQL Server 2008. These accounts are needed to install SharePoint 2007 in a least privileges environment.

Install a server farm or development environment:
  • 50 pages PDF
  • 15 PowerShell scripts and batch files
  • Install now...

Please have a look at:

Account overview

In order to set up a MOSS 2007 farm you need the following domain accounts.

Please remember that this is just an example and that there are different naming conventions.

Note: Permissions are assigned later.

Account type Account name
SQL Service SQLservice
Setup Admin setupAdmin
Farm Account MOSSfarm
SSP Admin Application Pool MOSSsspPool
SSP MySite Application Pool MOSSsspMySite
SSP Service MOSSsspService
WSS Search Service WSSsearchService
WSS Search Content Access WSScontentAccess
MOSS Search Service MOSSsearchService
MOSS Profile Import MOSSprofile
MOSS Excel Services MOSSexcel

Add the user to your Active Directory. Make sure you have

"User cannot change password" and
"Password never expires" checked.

Create a user in Active Directory.  Make sure the user has the right account settings.

At the end you have the following accounts in your Active Directory:

All domain accounts listed.

Assign permission

After creating the specified domain accounts you need to assign permission for the setupAdmin account.

After installing the SQL Server (Part 4: Installing and configuring SQL Server 2008) you should continue with the following steps.

First of all connect to the SQL Server using the Management Studio and create a new login.

Create a new login in SQL Server.

Select the setupAdmin account and assign the following roles to that account: dbcreator and securityadmin.

Select the setup admin account. Give them the roles dbcreator and securityadmin.

After finishing you can see your account listed next to the others.

Finish the process.

At the end you need to put the setupAdmin account in the administrators group on every Application and Front-end server.

Open computer management and add the setup admin to the administrators group. The setup admin was added to the group.



Get updates

 

Comments (11) -

11/17/2008 10:14:36 AM #

dsadd user cn="SQLservice,cn=users,dc=devsoe,dc=net" -descr "SQL Service" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="setupAdmin,cn=users,dc=devsoe,dc=net" -descr "Setup Admin" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="MOSSfarm,cn=users,dc=devsoe,dc=net" -descr "Farm Account" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="MOSSsspPool,cn=users,dc=devsoe,dc=net" -descr "SSP Admin Application Pool" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="MOSSsspMySite,cn=users,dc=devsoe,dc=net" -descr "SSP MySite Application Pool" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="MOSSsspService,cn=users,dc=devsoe,dc=net" -descr "SSP Service" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="WSSsearchService,cn=users,dc=devsoe,dc=net" -descr "WSS Search Service" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="WSScontentAccess,cn=users,dc=devsoe,dc=net" -descr "WSS Search Content Access" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="MOSSsearchService,cn=users,dc=devsoe,dc=net" -descr "MOSS Search Service" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="MOSSprofile,cn=users,dc=devsoe,dc=net" -descr "MOSS Profile Import" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password
dsadd user cn="MOSSexcel,cn=users,dc=devsoe,dc=net" -descr "MOSS Excel Services" -mustchpwd no -pwdneverexpires yes -canchpwn no -password password

wildone Russia Reply

11/17/2008 10:22:34 AM #

1. replace "dc=devsoe,dc=net" with your server name
2. replace "-password password" with "-password YOURPASS"

wildone Russia Reply

3/12/2009 5:28:45 AM #

You must replace  -descr  for correct use  -desc

C:\Users\Administrator>dsadd user /?
Description:  Adds a user to the directory.

Syntax:  dsadd user <UserDN> [-samid <SAMName>] [-upn <UPN>] [-fn <FirstName>]
        [-mi <Initial>] [-ln <LastName>] [-display <DisplayName>]
        [-empid <EmployeeID>] [-pwd {<Password> | *}] [-desc <Description>]
        [-memberof <Group ...>] [-office <Office>] [-tel <Phone#>]
        [-email <Email>] [-hometel <HomePhone#>] [-pager <Pager#>]
        [-mobile <CellPhone#>] [-fax <Fax#>] [-iptel <IPPhone#>]
        [-webpg <WebPage>] [-title <Title>] [-dept <Department>]
        [-company <Company>] [-mgr <Manager>] [-hmdir <HomeDir>]
        [-hmdrv <DriveLtr:>] [-profile <ProfilePath>] [-loscr <ScriptPath>]
        [-mustchpwd {yes | no}] [-canchpwd {yes | no}]
        [-reversiblepwd {yes | no}] [-pwdneverexpires {yes | no}]
        [-acctexpires <NumDays>] [-disabled {yes | no}]
        [{-s <Server> | -d <Domain>}] [-u <UserName>]
        [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}]
        [-fnp <FirstNamePhonetic>] [-lnp <LastNamePhonetic>]
        [-displayp <DisplayNamePhonetic>]

v-juanm Reply

3/12/2009 5:31:49 AM #

same case for -canchpwn must be -canchpwd

v-juanm Reply

3/12/2009 5:51:44 AM #

Correct command must be

dsadd user cn="sqlsrv,OU=MOSS,DC=test,DC=local" -desc "SQL Service" -mustchpwd no -pwdneverexpires yes -canchpwd no -pwd ComplexPassword-disabled no

If you are using a windows 2008 domain, or windows 2003 domain and your policies required a complex password

If you set -pwd with anormal password like mypass dsadd will fail, if you have a relasex security will success

v-juanm Reply

9/9/2009 3:39:47 PM #

Hi,

I'm trying to use your guide to setup a simple farm with SQL Server 2008 and WSS (not MOSS).
It works almost all the way, but during the "Configuration wizard" the installation fails every time with the following error message:

Failed to create the configuration database
An exception of type System.InvalidOperationException was thrown.  Additional exception information: 1387
System.InvalidOperationException: 1387

When I look in the SQL Server DB, the config DB and administrator content DB are created, and seems to be complete.
From the stack trace, it seems that this step fails while adding a user to some user group.

I'm running the installation as setupAdmin, as described in your guide and that user is a local admin on the server I'm installing on.

Has anyone had the same problem?
Any ideas of where I go wrong?

Fredrik Sweden Reply

9/9/2009 3:41:07 PM #

Complete stack trace:

at Microsoft.SharePoint.Win32.SPNetApi32.NetLocalGroupAddMember(String groupName, String userName)
   at Microsoft.SharePoint.Administration.SPServer.AddMemberToLocalAdministrationWorkerProcessGroup(String userName)
   at Microsoft.SharePoint.SPUserCollection.AddCollection(SPUserInfo[] addUsersInfo)
   at Microsoft.SharePoint.SPUserCollection.Add(String loginName, String email, String name, String notes)
   at Microsoft.SharePoint.SPGroup.AddUser(String loginName, String email, String name, String notes)
   at Microsoft.SharePoint.Administration.SPAdministrationWebApplication.CreateAdministratorsGroup(SPSite site, String farmUser)
   at Microsoft.SharePoint.Administration.SPAdministrationWebApplication.CreateDefaultInstance(SqlConnectionStringBuilder administrationContentDatabase, SPWebService adminService, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarm.CreateAdministrationWebService(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarm.CreateBasicServices(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, String farmUser, SecureString farmPassword)
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

Fredrik Sweden Reply

9/13/2009 6:54:01 PM #

Hi Fredrik,

I haven't seen this error before so I must guess:

-Does the WSS_ADMIN_WPG and the WSS_RESTRICTED_WPG group contains the user you used as the farm account?
You can find the group on the server you want to install WSS using Start -> All Programs -> Administrative Tools -> Computer Management -> Local Users and Groups

Maybe setup fails when adding the farm account to one of the groups.

-Since there are AddMemberToLocalAdministrationWorkerProcessGroup and SPWebService in the stack trace maybe the WSS_ADMIN_WPG or WSS_WPG is not added to the Central Administration website.

-Maybe the application pool account of the Central Administration can't be set.

I hope this helps finding a solution,
Andreas

Andreas Glaser Switzerland Reply

6/28/2010 4:05:16 PM #

All,

I would like to know if on the creation of the users accounts, Do they need to be at the AD level in other words, are they domain accounts or may I create the account locally at the MOSS?

I'll look forward to hear from you.

Jaime Luciano United States Reply

6/30/2010 8:49:01 PM #

Hmm I don't know if it works with locally created accounts because I have never tried it.
I always suggest to recreate the customers environment in some way because it helps me to find possible errors before going to the customer and deploying something.
Maybe it works for your case but I have no experience with local accounts.

Andreas Glaser Switzerland Reply

3/28/2011 8:14:40 PM #

I have followed this through the install to the point of configuring the Windows SharePoint Search Service and after adding the 2 accounts as described, trying to start the service fails and loads the Windows SharePoint Search Service setup page.

SysDoc United States Reply

Pingbacks and trackbacks (2)+

Add comment




  Country flag
biuquote
Loading