Delegate Administration for user profile in SharePoint 2013
Farm Administrators or Service application administrators for user profile application can delegate the user profiles to a feature administrator. Feature administrator can manage all the settings to an user profile. We can Delegate administration of user profiles by using Central Administration and Windows power shell commands.
To do with central administration,
Navigate to Application Management in Central Administration, Click on Manage service applications link.
Select the User profile service application in list of service applications and Click on Administrators in Operations section in Service Applications tab.
Select user or group account in Administrators for User Profile Service Application page, click on Add button.
In the Permissions for Administrator box, check Manage Profiles permission level and click on Ok.
We can delegate administration of User profiles using power shell as the commands below,
First of all we need to get the GUID of the service application. We can get all the GUID's using Get-SPServiceApplication command.
Once we got the GUID, We need to get the service application using Get-SPServiceApplication command as,
$serviceApplication = Get-SPServiceApplication <GUID>
Here GUID is GUID of the service application.
We can get the list of administrators for the service applications by using Get-SPServiceApplicationSecurity Command as,
$securityAdmins = Get-SPServiceApplicationSecurity $serviceapp -Admin
We can create the create an account for claims principle using New-SPClaimsPrincipal command as,
$principalUser = New-SPClaimsPrincipal -Identity "<DomainName\User>" -IdentityType WindowsSamAccountName
Here <DomainName\User> is the user account.
We need to manage the permissions for the claims principal using Grant-SPObjectSecurity command as,
Grant-SPObjectSecurity $security -Principal $principalUser -Rights "Manage Profiles"
Here Manage Profiles is the permissions.
We need to apply the changes to the user profile service application, by using command below,
Set-SPServiceApplicationSecurity $serviceapp -ObjectSecurity $security –Admin
No comments:
Post a Comment