Install and Configure Replicator with Least Privilege Permissions
September 2023
You must meet the following requirements in order to be able to Install and Configure Replicator with a least privilege administrator account.
·Setup/Installer user should be a local administrator where Replicator is being installed.
·Setup/Installer user who is running the Replicator configuration wizard should have the following rights on SQL server:
oNo server level rights/roles should be assigned
oHave SPDataAccess rights on the SharePoint configuration Database
§For SharePoint 2010, SPDataAccess does not exist, so the user will need db_owner role membership on the SharePoint configuration DataBase.
·When users enable a web application for replication, Replicator deploys its SharePoint solution to the web application and creates data folders and their corresponding virtual directories in IIS on each web front-end server. If the farm account is not a local
Creating Virtual Directories for Farm Account Users that are not Local Administrators
SQL Server Configuration
This section will provide an overview of the steps required to configure your least privilege user to have the required rights on SQL server.
1.Open Microsoft SQL Server Management Studio. In the Object Explorer, expand the Security > Logins portion of the tree.
2.Double click on the user that will be installing and configuring Replicator. This will open the Login Properties window.
3.Select Server Roles from the left hand menu. On the Server Roles page, do not assign any server roles (the Public role is selected by default and cannot be deselected).
4.Select User Mapping from the left hand menu. Under the "Users mapped to this login" section, select your SharePoint Configuration database. This provides options in the "Database role membership" section on the bottom half of the window. Here select one of the following based on your version of SharePoint:
·SharePoint 2007 - db_owner
·SharePoint 2010 - db_owner
·SharePoint 2013 - SPDataAccess
·SharePoint 2016 - SPDataAccess
Creating Virtual Directories for Farm Account Users that are not Local Administrators
This section will provide an overview of the steps required to create IIS virtual directories in case the farm account user is not a local administrator.
1.Start the Replicator Powershell Console on your machine.
2.Run the Set-ReplicatorWebAppConfig cmlet by entering the following command into the Replicator Powershell Console:
PS> - Set-ReplicatorWebAppConfig -Url <WebAppUrl> -ConfigureWfe
Where <WebAppUrl> is the Url identifying the web application you enabled for replication. The PowerShell command is available in your Replicator installation directory. For more information on the PowerShell command, see the Metalogix Replicator Command-line Guide
3.Repeat these steps for each web application you are enabling for replication on each of your web front-end servers.
|
|
NOTE: These additional steps are applicable to Single server farms as well, where the farm account is not the local administrator. |
After you enable all of your web applications for replication, you can continue configuring Replicator.