Farm account Permissions for User Profile Service
https://sharepoint.stackexchange.com/questions/241228
-
16-01-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDomanda
On our SharePoint 2013 (SP1) farm, we require the User Profile Service Application (UPA) for saving SAML user claims in the user profile via 3rd party solution, beyond this we do not utilize UPA. Some other comments on our farm:
- We do not need the User Profile Synchronization Service (UPS)
- We do not need MySites
I have read some conflicting information on UPA/UPS,therefore I have a couple of questions on the requirements for provisioning and running only UPA:
- Does the farm account need to be in the local administrator group at any point during provisioning or patching?
- Does the farm account need local logon rights at any point?
- If I am provisioning UPA using PowerShell, do I need to execute any part of the script under the context of the farm account, or can it be executed all using the SP install account?
Thanks for any insight.
Soluzione
If you have separate Install account which is responsible for all tasks related to installation, configuration, patching, running powershell or other routine task than farm account does not required local admin rights on the server. I think you mentioned that you have SP install account then you dont need to put your farm admin into local admin.
If you are not using the sync at all then it is not required local admin at any give point of time.
