How to create an account that can be used to back up SharePoint data

Problem:

You want to create a new admin account that is used by CodeTwo Backup to back up and restore SharePoint data. 

Solution:

Below you can find step-by-step instructions on how to create an admin account that has all the necessary roles and privileges to back up and restore data from:

• SharePoint Online
• on-premises SharePoint Server 2016

How to create an admin account to back up and restore SharePoint Online data

1. Log in to Office 365 portal as a global administrator.
2. Open Microsoft 365 admin center (Office 365 admin center).
3. On the Home page, click Active users > Add a user (Fig. 1., items 1 and 2).

Fig. 1. Adding a new user.

4. On the Basics page, fill in all the necessary fields and click Next (Fig. 2.).

Fig. 2. Adding basic user information.

5. On the Product licenses page, assign the user a product license that includes SharePoint Online (e.g. Office 365 E3) and click Next (Fig. 3.).

Fig. 3. Assigning product license to the new user.

6. On the next page, Optional settings, assign the SharePoint admin role to the new user (Fig. 4.).

Fig. 4. Assigning an admin role to a user.

7. Review your settings on the Finish page and click Finish adding to create a new user.

You can now use this account to back up your SharePoint content in CodeTwo Backup.

How to create an admin account to back up and restore SharePoint (on-premises) data

This section includes the following steps:

1. Creating a new Active Directory user with administrator rights
2. Adding the created admin account to the SharePoint Farm Administrators group
3. Granting Full Control permissions to the SharePoint site at the Web Application Policy level
4. Adding the admin account to the Remote Management Users group
5. Adding the admin account to the SharePoint_Shell_Access role
6. Configuring the site collection administrator 

Creating a new Active Directory user with administrator rights

1. On your Domain Controller, open Active Directory Users and Computers.
2. Right-click the Users object in the left pane and then click New > User (Fig. 3.).

   
   Fig. 3. Creating a new user in Active Directory.

3. Fill in at least the Full name and User logon name fields (Fig. 4.) and click Next.

   
   Fig. 4. Filling in the necessary user data.

4. In the next step, provide the password and configure the remaining options according to your needs (Fig. 5.).

   
   Fig. 5. Configuring the password settings.

5. Click Next and Finish to create the new user.
6. Right-click this user and select Add to a group.
7. In the window that opens, type administrators, click Check Names and click OK (Fig. 6.).

   
   Fig. 6. Selecting the Administrators group.

Adding the created admin account to the SharePoint Farm Administrators group

1. Open SharePoint Central Administration and go to Security > Manage the farm administrators group (Fig. 7.).

   
   Fig. 7. Accessing the SharePoint Farm Administrators group.

2. In the Farm Administrators window, click New > Add users to this group (Fig. 8.).

   
   Fig. 8. Adding users to the Farm Administrators group.

3. Start typing the name of your user and select it once it appears in the drop-down menu below (Fig. 9.).

   
   Fig. 9. Selecting the appropriate user account.

4. Click Share

Granting Full Control permissions to the SharePoint site at the Web Application Policy level

1. In SharePoint Central Administration, go to Application Management > Manage web applications.
2. Select SharePoint - 80 on the list and click User Policy on the ribbon (Fig. 10.).

   
   Fig. 10. Accessing the SharePoint User Policy settings.

3. In the Policy for Web Application window, click Add Users, select (All zones) from the drop-down menu, and click Next.
4. In the next window, enter the full name or logon of your user in the Users box and click the Check Names button (Fig. 11.).

   
   Fig. 11. Searching for the specific user account.

5. Under Permissions, select the Full Control checkbox and click Finish.
6. Click OK to apply the changes.

Adding the admin account to the Remote Management Users group

1. On your SharePoint Server machine, go to Control Panel > Administrative Tools > Computer Management.
2. Click Local Users and Groups in the left pane and double-click Groups.
3. In the central pane, right-click the Remote Management Users group and select Add to Group (Fig. 12.).

   
   Fig. 12. Adding users to the Remote Management Users group.

4. In the properties window that opens, click Add, enter the name of your user, click Check Names, and then click OK two times.

Adding the admin account to the SharePoint_Shell_Access role

1. Open SharePoint Management Shell and add your user to the SharePoint_Shell_Access role by using the following cmdlet:

   Add-SPShellAdmin -UserName <domain>\<user_name>

   For example:

   Add-SPShellAdmin -UserName DOMAIN140\sharepoint.admin

For more information on the Add-SPShellAdmin cmdlet, visit this Microsoft page.

You can now use this account to back up your SharePoint content in CodeTwo Backup.

Configuring the site collection administrator (optional)

In order to perform backup and restore tasks on site collections existing in your SharePoint environment, the used admin account needs to be either a primary or secondary site collection administrator for each site collection. If that admin account is neither, the program will automatically set it as the secondary site collection administrator when:

• site collections are listed in the backup job wizard
• site collections are listed in the restore job wizard
• when site collections are being backed up
• when data is being restored to a selected site collection.

Keep in mind that this action will replace the existing secondary site collection administrators (learn more). You can check which users are currently set as secondary site collection administrators or set the secondary site collection administrator for specific site collection manually by following these steps:

1. In SharePoint Central Administration, go to Application Management and click Change site collection administrators (Fig. 13.).

Fig. 13. Accessing management settings for site collection administrators.

2. In the Site Collection Administrators window, select the site collection for which you want to set the secondary site collection administrator by clicking the down arrow in the Site Collection section and choosing Change Site Collection (Fig. 14.). In the window that opens, simply click the site URL and then click OK.

Fig. 14. Changing a site collection.

3. In the Secondary site collection administrator section of the window, click the browse (book icon) button (Fig. 15.).

Fig. 15. Changing a secondary site collection administrator.

4. In the Select People window that opens, provide the name of your admin account and click the search (magnifying glass icon) button. Once found, select that account and click OK (Fig. 16.).

Fig. 16. Browsing for a specific admin account.

5. Back in the Site Collection Administrators page, click OK to save new settings. Keep in mind that you need to click OK for each site collection separately in order for the changes to be applied. 
6. Repeat steps 1-5 until you have set the secondary site collection admin for all site collections.