Create a user to back up SharePoint data

Problem:

You want to create a new admin account that is used by CodeTwo Backup to back up and restore SharePoint data. 

Solution:

Below you can find step-by-step instructions on how to create an admin account that has all the necessary roles and privileges to back up and restore data from:

How to create an admin account to back up and restore SharePoint Online data

  1. Log in to Office 365 portal as a global administrator.
  2. Open Microsoft 365 admin center (Office 365 admin center).
  3. On the Home page, click Active usersAdd a user.
  4. Fill in all the necessary fields and assign the SharePoint administrator role (Fig. 1.) to this user.

    730-1
    Fig. 1. Assigning the SharePoint administrator role in Office 365.

    Important

    You can also assign this user to the global administrator role; however, this role comes with many additional rights that are not necessary to run backup/restore jobs in CodeTwo Backup.

  5. Assign the Office 365 license with the SharePoint Online plan (Fig. 2.) to this user.

    730-2
    Fig. 2. Assigning an Office 365 license with the SharePoint Online plan.

  6. Click Add to create the account.

You can now use this account to back up your SharePoint content in CodeTwo Backup.

How to create an admin account to back up and restore SharePoint (on-premises) data

This section includes the following steps:

  1. Creating a new Active Directory user with administrator rights
  2. Adding the created admin account to the SharePoint Farm Administrators group
  3. Granting Full Control permissions to the SharePoint site at the Web Application Policy level
  4. Adding the admin account to the Remote Management Users group
  5. Adding the admin account to the SharePoint_Shell_Access role
  6. Configuring the site collection administrator 

Warning

In order to perform backup and restore jobs on site collections existing in your on-premises SharePoint environment, the admin account used in CodeTwo Backup needs to be either a primary or secondary site collection administrator. The program sets that admin account as the secondary site collection administrator automatically (to maintain the site collection integrity, the primary site collection administrator will not be changed). However, there can be only one primary and one secondary site collection administrator per site collection in on-premises SharePoint. So if you intend to create a new admin account to back up or restore your on-premises SharePoint data, keep in mind that the existing secondary site collection administrators will be replaced with that admin account. Learn more below

Creating a new Active Directory user with administrator rights

  1. On your Domain Controller, open Active Directory Users and Computers.
  2. Right-click the Users object in the left pane and then click New > User (Fig. 3.).

    730-3
    Fig. 3. Creating a new user in Active Directory.

  3. Fill in at least the Full name and User logon name fields (Fig. 4.) and click Next.

    730-4
    Fig. 4. Filling in the necessary user data.

  4. In the next step, provide the password and configure the remaining options according to your needs (Fig. 5.).

    730-5
    Fig. 5. Configuring the password settings.

  5. Click Next and Finish to create the new user.
  6. Right-click this user and select Add to a group.
  7. In the window that opens, type administrators, click Check Names and click OK (Fig. 6.).

    730-6
    Fig. 6. Selecting the Administrators group.

Important

Make sure to select the admin group of the server on which your SharePoint Server is installed. If necessary, specify the domain containing the relevant Active Directory group by clicking the Locations button.

Adding the created admin account to the SharePoint Farm Administrators group

  1. Open SharePoint Central Administration and go to Security > Manage the farm administrators group (Fig. 7.).

    730-7
    Fig. 7. Accessing the SharePoint Farm Administrators group.

  2. In the Farm Administrators window, click New > Add users to this group (Fig. 8.).

    730-8
    Fig. 8. Adding users to the Farm Administrators group.

  3. Start typing the name of your user and select it once it appears in the drop-down menu below (Fig. 9.).

    730-9
    Fig. 9. Selecting the appropriate user account.

  4. Click Share

Granting Full Control permissions to the SharePoint site at the Web Application Policy level

  1. In SharePoint Central Administration, go to Application Management > Manage web applications.
  2. Select SharePoint - 80 on the list and click User Policy on the ribbon (Fig. 10.).

    730-10
    Fig. 10. Accessing the SharePoint User Policy settings.

  3. In the Policy for Web Application window, click Add Users, select (All zones) from the drop-down menu, and click Next.
  4. In the next window, enter the full name or logon of your user in the Users box and click the Check Names button (Fig. 11.).

    730-11
    Fig. 11. Searching for the specific user account.

  5. Under Permissions, select the Full Control checkbox and click Finish.
  6. Click OK to apply the changes.

Adding the admin account to the Remote Management Users group

  1. On your SharePoint Server machine, go to Control Panel > Administrative Tools > Computer Management.
  2. Click Local Users and Groups in the left pane and double-click Groups.
  3. In the central pane, right-click the Remote Management Users group and select Add to Group (Fig. 12.).

    730-12
    Fig. 12. Adding users to the Remote Management Users group.

  4. In the properties window that opens, click Add, enter the name of your user, click Check Names, and then click OK two times.

Adding the admin account to the SharePoint_Shell_Access role

Important

Before you execute the Add-SPShellAdmin cmdlet, make sure the user account in question has been added to the Administrators group on the server where SharePoint is deployed. 

  1. Open SharePoint Management Shell and add your user to the SharePoint_Shell_Access role by using the following cmdlet:
    Add-SPShellAdmin -UserName <domain>\<user_name>
    For example:
    Add-SPShellAdmin -UserName DOMAIN140\sharepoint.admin

For more information on the Add-SPShellAdmin cmdlet, visit this Microsoft page.

You can now use this account to back up your SharePoint content in CodeTwo Backup.

Configuring the site collection administrator (optional)

In order to perform backup and restore tasks on site collections existing in your SharePoint environment, the used admin account needs to be either a primary or secondary site collection administrator for each site collection. If that admin account is neither, the program will automatically set it as the secondary site collection administrator when:

  • site collections are listed in the backup job wizard
  • site collections are listed in the restore job wizard
  • when site collections are being backed up
  • when data is being restored to a selected site collection.

Keep in mind that this action will replace the existing secondary site collection administrators (learn more). You can check which users are currently set as secondary site collection administrators or set the secondary site collection administrator for specific site collection manually by following these steps:

  1. In SharePoint Central Administration, go to Application Management and click Change site collection administrators (Fig. 13.).

730-13
Fig. 13. Accessing management settings for site collection administrators.

  1. In the Site Collection Administrators window, select the site collection for which you want to set the secondary site collection administrator by clicking the down arrow in the Site Collection section and choosing Change Site Collection (Fig. 14.). In the window that opens, simply click the site URL and then click OK.

730-14
Fig. 14. Changing a site collection.

  1. In the Secondary site collection administrator section of the window, click the browse (book icon) button (Fig. 15.).

730-15
Fig. 15. Changing a secondary site collection administrator.

  1. In the Select People window that opens, provide the name of your admin account and click the search (magnifying glass icon) button. Once found, select that account and click OK (Fig. 16.).

730-16
Fig. 16. Browsing for a specific admin account.

  1. Back in the Site Collection Administrators page, click OK to save new settings. Keep in mind that you need to click OK for each site collection separately in order for the changes to be applied. 
  2. Repeat steps 1-5 until you have set the secondary site collection admin for all site collections.

Tip

To set the secondary site collection administrator to multiple site collections at once, you can use the Set-SPSite cmdlet in SharePoint Management Shell. Learn more here