Create a user to back up SharePoint data

Problem:

You want to create a new admin account that is used by CodeTwo Backup to back up and restore SharePoint data. 

Solution:

Below you can find step-by-step instructions on how to create an admin account that has all the necessary roles and privileges to back up and restore data from:

How to create an admin account to back up and restore SharePoint Online data

  1. Log in to Office 365 portal as a global administrator.
  2. Open Microsoft 365 admin center (Office 365 admin center).
  3. On the Home page, click Active usersAdd a user.
  4. Fill in all the necessary fields and assign the SharePoint administrator role (Fig. 1.) to this user.

    730-1
    Fig. 1. Assigning the SharePoint administrator role in Office 365.

    Important

    You can also assign this user to the global administrator role; however, this role comes with many additional rights that are not necessary to run backup/restore jobs in CodeTwo Backup.

  5. Assign the Office 365 license with the SharePoint Online plan (Fig. 2.) to this user.

    730-2
    Fig. 2. Assigning an Office 365 license with the SharePoint Online plan.

  6. Click Add to create the account.

You can now use this account to back up your SharePoint content in CodeTwo Backup.

How to create an admin account to back up and restore SharePoint (on-premises) data

This section includes the following steps:

  1. Creating a new Active Directory user with administrator rights
  2. Adding the created admin account to the SharePoint Farm Administrators group
  3. Granting Full Control permissions to the SharePoint site at the Web Application Policy level
  4. Adding the admin account to the Remote Management Users group
  5. Adding the admin account to the SharePoint_Shell_Access role 

Important

Keep in mind that CodeTwo Backup supports only SharePoint Server 2016 and 2013.

Creating a new Active Directory user with administrator rights

  1. On your Domain Controller, open Active Directory Users and Computers.
  2. Right-click the Users object in the left pane and then click New > User (Fig. 3.).

    730-3
    Fig. 3. Creating a new user in Active Directory.

  3. Fill in at least the Full name and User logon name fields (Fig. 4.) and click Next.

    730-4
    Fig. 4. Filling in the necessary user data.

  4. In the next step, provide the password and configure the remaining options according to your needs (Fig. 5.).

    730-5
    Fig. 5. Configuring the password settings.

  5. Click Next and Finish to create the new user.
  6. Right-click this user and select Add to a group.
  7. In the window that opens, type administrators, click Check Names and click OK (Fig. 6.).

    730-6
    Fig. 6. Selecting the Administrators group.

Important

Make sure to select the admin group of the server on which your SharePoint Server is installed. If necessary, specify the domain containing the relevant Active Directory group by clicking the Locations button.

Adding the created admin account to the SharePoint Farm Administrators group

  1. Open SharePoint Central Administration and go to Security > Manage the farm administrators group (Fig. 7.).

    730-7
    Fig. 7. Accessing the SharePoint Farm Administrators group.

  2. In the Farm Administrators window, click New > Add users to this group (Fig. 8.).

    730-8
    Fig. 8. Adding users to the Farm Administrators group.

  3. Start typing the name of your user and select it once it appears in the drop-down menu below (Fig. 9.).

    730-9
    Fig. 9. Selecting the appropriate user account.

  4. Click Share

Granting Full Control permissions to the SharePoint site at the Web Application Policy level

  1. In SharePoint Central Administration, go to Application Management > Manage web applications.
  2. Select SharePoint - 80 on the list and click User Policy on the ribbon (Fig. 10.).

    730-10
    Fig. 10. Accessing the SharePoint User Policy settings.

  3. In the Policy for Web Application window, click Add Users, select (All zones) from the drop-down menu, and click Next.
  4. In the next window, enter the full name or logon of your user in the Users box and click the Check Names button (Fig. 11.).

    730-11
    Fig. 11. Searching for the specific user account.

  5. Under Permissions, select the Full Control checkbox and click Finish.
  6. Click OK to apply the changes.

Adding the admin account to the Remote Management Users group

  1. On your SharePoint Server machine, go to Control Panel > Administrative Tools > Computer Management.
  2. Click Local Users and Groups in the left pane and double-click Groups.
  3. In the central pane, right-click the Remote Management Users group and select Add to Group (Fig. 12.).

    730-12
    Fig. 12. Adding users to the Remote Management Users group.

  4. In the properties window that opens, click Add, enter the name of your user, click Check Names, and then click OK two times.

Adding the admin account to the SharePoint_Shell_Access role

Important

Before you execute the Add-SPShellAdmin cmdlet, make sure the user account in question has been added to the Administrators group on the server where SharePoint is deployed. 

  1. Open SharePoint Management Shell and add your user to the SharePoint_Shell_Access role by using the following cmdlet:
    Add-SPShellAdmin -UserName <domain>\<user_name>
    For example:
    Add-SPShellAdmin -UserName DOMAIN140\sharepoint.admin

For more information on the Add-SPShellAdmin cmdlet, visit this Microsoft page.

You can now use this account to back up your SharePoint content in CodeTwo Backup.