Saturday, February 15, 2014

Create application pool without the password of its user identity

There are certain scenarios where we need to host external services on SharePoint WFE servers. If those services access SharePoint resources, we may need to configure a privileged account as the application pool account. Unfortunately, we don't have the passwords of those accounts, only that of a farm admin account. Is there any way to configure an application pool without the password of its identity?

In this scenario, managed accounts come to our rescue. There are two ways to create an application pool with a managed account:

  1. Create a web application in Central Administration and delete it
  2. Create the application pool using PowerShell

In the first option, we create a web application and, along with it, a new application pool that uses the desired managed account. Once it is created, we delete the web application, including its content database.

This option is not recommended, however, as it does not delete all of the information from the configuration database.

The best approach is to use a PowerShell script, as given below:

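    # Load the SharePoint cmdlets when not running in the SharePoint Management Shell
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

    # The content web service owns the application pools used by web applications
    $service = [Microsoft.SharePoint.Administration.SPWebService]::ContentService
    $appPool = New-Object Microsoft.SharePoint.Administration.SPApplicationPool "WCF App Pool", $service
    $appPool.CurrentIdentityType = "SpecificUser"
    # Look up the managed account; SharePoint already stores its password
    $account = Get-SPManagedAccount "dev\spserviceapp"
    $processAcct = [Microsoft.SharePoint.Administration.SPProcessAccount]::LookupManagedAccount($account.Sid)
    $appPool.ProcessAccount = $processAcct
    # Create the application pool in IIS
    $appPool.Provision()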

If we want to modify application pools for service applications, we can use SPServiceApplicationPool. You can read more in this article.
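Because this technique lets a farm admin put any managed account behind a pool without knowing its password, it is worth reviewing afterwards which identity each pool actually runs as. The script below is an added example, not part of the original post: it lists the pools of the content web service and of service applications with their identities. The account name `dev\spfarm` in `$privileged` is a hypothetical placeholder; replace it with the accounts you consider privileged.

```powershell
# Added example (not from the original post). Run on a farm server as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Accounts the reviewer treats as privileged (hypothetical placeholder, edit for your farm)
$privileged = @('dev\spfarm')

# Usernames registered as managed accounts; SharePoint holds their passwords
$managed = @(Get-SPManagedAccount | ForEach-Object { $_.Username })

$service = [Microsoft.SharePoint.Administration.SPWebService]::ContentService

# Pools owned by the content web service (where "WCF App Pool" from the post is created)
$rows = @($service.ApplicationPools | ForEach-Object {
    [pscustomobject]@{ Source = 'ContentService'; Pool = $_.Name; Identity = $_.Username }
})

# Pools used by service applications
$rows += @(Get-SPServiceApplicationPool | ForEach-Object {
    [pscustomobject]@{ Source = 'ServiceApplication'; Pool = $_.Name; Identity = $_.ProcessAccountName }
})

# -contains compares case-insensitively, so DEV\SPFarm matches dev\spfarm
$rows |
    Select-Object Source, Pool, Identity,
        @{ n = 'Managed';    e = { $managed -contains $_.Identity } },
        @{ n = 'Privileged'; e = { $privileged -contains $_.Identity } } |
    Sort-Object Identity, Pool |
    Format-Table -AutoSize
```

Rows with `Privileged` set to `True` are the pools to check against least privilege: any code hosted in them runs with that account's rights on SharePoint resources.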
