Create User Profile And Secure Store Service Applications Using PowerShell

The service applications can also be configured from Central Administration. But creating a service application that way takes many clicks: first start the service, then create the service application and the service application proxy, entering all the required information along the way.

In this post I will demonstrate the commands for creating the User Profile Service Application and the Secure Store Service Application, which will be useful for SharePoint administrators and developers who need to create these service applications.

Create New User Profile Service Application

Create a Service Application:

$upa = New-SPProfileServiceApplication -Name "SP2013 User Profile Service" `
    -ApplicationPool "SharePoint Web Services Default" -MySiteHostLocation "http://sp2013/my" `
    -MySiteManagedPath "my/personal" -ProfileDBName "SP2013_ProfileDB" -ProfileSyncDBName "SP2013_SyncDB" `
    -SocialDBName "SP2013_SocialDB" -Verbose

Create a Service Application Proxy:

New-SPProfileServiceApplicationProxy -Name "SP2013 User Profile Service Proxy" `
    -ServiceApplication $upa -DefaultProxyGroup

Start User Profile Service:

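# StartServiceInstance is not a built-in cmdlet; this is the equivalent with the standard SharePoint cmdlets
Get-SPServiceInstance | Where-Object { $_.TypeName -eq "User Profile Service" } | Start-SPServiceInstance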

Start User Profile Synchronization Service:

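# "SERVERNAME", "domain\username" and "password" are placeholders; do not leave the real password in a saved script
$syncInstance = Get-SPServiceInstance -Server "SERVERNAME" | Where-Object { $_.TypeName -eq "User Profile Synchronization Service" }
$upa.SetSynchronizationMachine("SERVERNAME", $syncInstance.Id, "domain\username", "password")
Start-SPServiceInstance $syncInstance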

Create New Secure Store Service Application

Secure Store Service was introduced with SharePoint 2010 as a replacement for SSO. It lets users securely store data through a specific set of credentials used to connect to external systems, by associating the credentials with a specific identity or group of identities of the external system.

Create a Service Application:

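# -AuditingEnabled is a switch: ":$false" turns Secure Store audit logging off; pass -AuditingEnabled alone to keep an audit trail
$ServiceApplication = New-SPSecureStoreServiceApplication -Name "SP2013 Secure Store Service" -ApplicationPool "SharePoint Web Services Default" -DatabaseName "SP2013SecureStore" -DatabaseServer "SP2013SharePointDB" -AuditingEnabled:$false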

Create a Service Application Proxy:

$ServiceApplicationProxy = New-SPSecureStoreServiceApplicationProxy -Name "SP2013 Secure Store ServiceProxy" -ServiceApplication $ServiceApplication -DefaultProxyGroup

Start Secure Store Service:

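# StartServiceInstance is not a built-in cmdlet; this is the equivalent with the standard SharePoint cmdlets
Get-SPServiceInstance | Where-Object { $_.TypeName -eq "Secure Store Service" } | Start-SPServiceInstance

Now, to connect to external sources, a Master Key and an Application Key must be generated; based on these you can then create target application IDs and set credentials and permissions. Below are the PowerShell commands to create these initial keys: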

Get a reference to the secure store service application:

$secureStore = Get-SPServiceApplicationProxy | where { $_.GetType().Equals([Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy]) }

Create Master Key:

Update-SPSecureStoreMasterKey -ServiceApplicationProxy $secureStore.Id -Passphrase "passPhrase1"

Create Application Key:

Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $secureStore.Id -Passphrase "passPhrase1"
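
The key-generation steps above with the passphrase prompted for at run time rather than written into the script. This is an added example, not code from the original post; `Test-PassphraseComplexity` is a hypothetical helper name, and the rule it checks (at least 8 characters from at least three of the four character classes) is the Secure Store passphrase requirement.

```powershell
# Added example: prompt for the Secure Store passphrase instead of embedding it in the script.
# Test-PassphraseComplexity is a hypothetical helper name, not a SharePoint cmdlet.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-PassphraseComplexity {
    param([Parameter(Mandatory = $true)][string]$Passphrase)
    # Secure Store rule: 8+ characters and at least 3 of the 4 character classes.
    $classes = 0
    if ($Passphrase -cmatch '[A-Z]')        { $classes++ }
    if ($Passphrase -cmatch '[a-z]')        { $classes++ }
    if ($Passphrase -match  '[0-9]')        { $classes++ }
    if ($Passphrase -match  '[^A-Za-z0-9]') { $classes++ }
    return ($Passphrase.Length -ge 8 -and $classes -ge 3)
}

# Wrap in @() so zero or several proxies are detected instead of silently mis-targeting.
$proxies = @(Get-SPServiceApplicationProxy |
    Where-Object { $_ -is [Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy] })
if ($proxies.Count -ne 1) {
    throw "Expected exactly one Secure Store proxy, found $($proxies.Count)."
}
$secureStore = $proxies[0]

# Read the passphrase interactively so it never lands in the script file or command history.
$secure = Read-Host -Prompt "Secure Store passphrase" -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential("", $secure)).Password
try {
    if (-not (Test-PassphraseComplexity -Passphrase $plain)) {
        throw "Passphrase does not meet the Secure Store complexity rule."
    }
    # Both cmdlets take the passphrase as a plain string, so it is held in memory only for these calls.
    Update-SPSecureStoreMasterKey -ServiceApplicationProxy $secureStore.Id -Passphrase $plain
    Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $secureStore.Id -Passphrase $plain
}
finally {
    # Drop the plain-text copy. Keep the passphrase itself in a password vault:
    # SharePoint does not store it, and it is needed again to refresh the key.
    Remove-Variable plain
}
```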

Thus, we can create the service applications easily using PowerShell. In my next post, I will explain how to manage content databases using PowerShell.

Till then, enjoy using PowerShell 😊