Forum Discussion
PowerShell - SharePoint Server - User Profiles - Access denied
Dear Colleagues,
I cannot access User Profiles from SharePoint 2019 on premise through PowerShell.
I am DB Owner on the User Profile Database and Local Administrator on the Windows Servers for SharePoint Frontend and for SharePoint Database. I am Administrator in the User Profile Services.
I can access the User Profiles with the identical code written in a Farm Solution.
Here is the code:
Param (
    [string]$WebUrl
)
Add-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue
$Assemblies = (
    "System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",
    "Microsoft.SharePoint, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c",
    "Microsoft.Office.Server, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c",
    "Microsoft.Office.Server.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
)
$Code = @"
using System;
using System.Collections;
using System.Collections.Generic;
using Microsoft.Office.Server.UserProfiles;
using Microsoft.SharePoint;
namespace TestGetAllUserProfilesWithElevatedPrivileges
{
    public static class Utility
    {
        public static List<string> GetAccountNames(string webUrl)
        {
            List<string> accountNames = new List<string>();
            if (!string.IsNullOrEmpty(webUrl))
            {
                SPSecurity.RunWithElevatedPrivileges(delegate () {
                    try
                    {
                        using (SPSite site = new SPSite(webUrl))
                        {
                            SPServiceContext serviceContext = SPServiceContext.GetContext(site);
                            if (serviceContext != null)
                            {
                                UserProfileManager userProfileManager = new UserProfileManager(serviceContext);
                                if (userProfileManager != null)
                                {
                                    IEnumerator userProfiles = userProfileManager.GetEnumerator();
                                    if (userProfiles != null)
                                    {
                                        while (userProfiles.MoveNext())
                                        {
                                            UserProfile userProfile = userProfiles.Current as UserProfile;
                                            if (userProfile != null)
                                            {
                                                string accountName = userProfile.AccountName;
                                                if (!string.IsNullOrEmpty(accountName))
                                                {
                                                    accountNames.Add(accountName);
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        string errorMessage = ex.Message + " " + ex.ToString();
                        accountNames.Add(errorMessage);
                    }
                });
            }
            return accountNames;
        }
    }
}
"@
Add-Type -TypeDefinition $Code -Language CSharp -ReferencedAssemblies $Assemblies
$accountNames = [TestGetAllUserProfilesWithElevatedPrivileges.Utility]::GetAccountNames($WebUrl)
if ($accountNames) {
    foreach ($accountName in $accountNames) {
        if ($accountName) {
            Write-Host $accountName
        }
    }
}
And here is the error message:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Office.Server.UserProfiles.IProfileDBCacheService.GetUserData(UserSearchCriteria searchCriteria)
at Microsoft.Office.Server.UserProfiles.ProfileDBCacheServiceClient.<>c__DisplayClass3.<GetUserData>b__0(IProfileDBCacheService channel)
at Microsoft.Office.Server.Infrastructure.ChannelInvoke`1.ExecuteOnChannel(String operationName, Action`1 codeBlock, ChannelInvokeSettings channelInvokeSettings)
at Microsoft.Office.Server.UserProfiles.MossClientBase`1.ExecuteOnChannelWithRetries(String operationName, Action`1 codeBlock)
at Microsoft.Office.Server.UserProfiles.ProfileDBCacheServiceClient.ExecuteOnChannel(String operationName, CodeBlock codeBlock)
at Microsoft.Office.Server.UserProfiles.ProfileDBCacheServiceClient.GetUserData(UserSearchCriteria searchCriteria)
--- End of inner exception stack trace ---
at Microsoft.Office.Server.UserProfiles.ProfileDBCacheServiceClient.GetUserData(UserSearchCriteria searchCriteria)
at Microsoft.Office.Server.UserProfiles.UserProfileCache.GetBulkUserData(UserProfileManager objManager, String searchColumn, IList searchList)
at Microsoft.Office.Server.UserProfiles.UserProfileCache.GetBulkUserProfiles(UserProfileManager objManager, String searchColumn, IList searchList, Boolean includeNullsForUnresolvableUsers, Int64& lFailedCount)
at Microsoft.Office.Server.UserProfiles.UserProfileCache.GetBulkUserProfiles(UserProfileManager objManager, List`1 userIdList, Boolean includeNullsForUnresolvableUsers, Int64& lFailedCount)
at Microsoft.Office.Server.UserProfiles.ProfileEnumerator`1.PopulateUserProfileQueue(IList userSearchList)
at Microsoft.Office.Server.UserProfiles.ProfileEnumerator`1.PopulateQueue()
at Microsoft.Office.Server.UserProfiles.ProfileEnumerator`1.MoveNext()
at TestGetAllUserProfilesWithElevatedPrivileges.Utility.<>c__DisplayClass2.<GetAccountNames>b__0()
Thank you for your help.
With best regards
Ladislav Stupak
1 Reply
- LadislavStupak (Brass Contributor)
1. Add-SPShellAdmin
I ran Add-SPShellAdmin:
Get-SPDatabase | ? {$_.Name -eq "UserProfile Database Name"} | Add-SPShellAdmin -Username Domain\LoginName
On sharepointcommunity.de I have received a hint for it:
http://sharepointcommunity.de/forums/p/45151/110614.aspx#110614
2. User Profile Service Application - Permissions
I have assigned myself Full Control rights in Central Administration in the User Profile Service Application under Sharing - Permissions.
(As an administrator, I had already set myself up in the User Profile Service Application. That was not enough.)
Now I can run the scripts through the user profiles.
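The two steps from the reply combined into one script, as an added example that is not part of the original thread: it reports whether an account already has shell access to the profile database and who holds connection permissions on the User Profile Service Application, and changes anything only when called with -Grant. The account name and database name are placeholders, and the script assumes a single User Profile Service Application in the farm.

```powershell
# Added example: report (and optionally grant) the two permissions from the reply.
param(
    [string]$Account       = 'CONTOSO\svc-profile-reader',  # placeholder account
    [string]$ProfileDbName = 'UserProfile Database Name',   # placeholder, as in the reply
    [switch]$Grant                                          # without -Grant: report only
)

if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# Step 1: shell access on the profile database (what Add-SPShellAdmin sets up)
$db = Get-SPDatabase | Where-Object { $_.Name -eq $ProfileDbName }
if (-not $db) { throw "Database '$ProfileDbName' not found." }

$isShellAdmin = [bool](Get-SPShellAdmin -database $db |
    Where-Object { $_.UserName -eq $Account })
Write-Host "Shell admin on '$ProfileDbName': $isShellAdmin"

# Step 2: connection permissions on the User Profile Service Application
# (the "Permissions" button in Central Administration, not "Administrators")
$upa = Get-SPServiceApplication |
    Where-Object { $_.TypeName -eq 'User Profile Service Application' } |
    Select-Object -First 1
if (-not $upa) { throw 'No User Profile Service Application found.' }

$security = Get-SPServiceApplicationSecurity -Identity $upa
Write-Host 'Current connection permissions:'
$security.AccessRules | Out-Host   # review who already holds rights

if ($Grant) {
    if (-not $isShellAdmin) {
        Add-SPShellAdmin -UserName $Account -database $db
    }
    $principal = New-SPClaimsPrincipal -Identity $Account `
        -IdentityType WindowsSamAccountName
    Grant-SPObjectSecurity -Identity $security -Principal $principal `
        -Rights 'Full Control'
    Set-SPServiceApplicationSecurity -Identity $upa -ObjectSecurity $security
    Write-Host "Granted shell access and Full Control to $Account"
}
```

Add-SPShellAdmin also adds the account to the WSS_ADMIN_WPG group on the farm's servers, so a dedicated account for profile scripts keeps that access off personal logins.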