Publishing Service Applications with PowerShell

  • Article

Publishing Service Applications with PowerShell

While scripting the deployment of a multiple farm SharePoint 2010 environment with a Shared Services farm providing services to consuming farms, the question arose, is it possible to publish a service application with PowerShell? Without this scripted capability, many manual steps would be necessary to build the farm. There are no published PowerShell cmdlets to publish service applications, so investigation was needed.

Using the Get-Member cmdlet to display all the properties of a service application object led to the discovery of these public properties and methods:

Property/Method

Description

Shared

Set to $true to publish the service application

Comments

The comment, or description, the consuming farm will see when connecting to the service application

TermsOfServiceUri

The URI of a custom page that displays the terms of service. Not used in our project, but might be useful if sharing a service to tenants

Update()

Persist object changes to the configuration database

 

Armed with this knowledge, a service application can be published with the following PowerShell snippet:

$serviceApp = Get-SPServiceApplication | ? {$_.GetType().ToString() -eq "Microsoft.Office.Server.Administration.UserProfileApplication"}
$termsOfServiceUri = $null
$name = $serviceApp.name

Write-Host -ForegroundColor White " - Publishing Service Application $name ..."

$serviceApp.Shared   = $true
$serviceApp.Comments = "Shared Services Farm User Profile Application"

if (($termsOfServiceUri -ne $null) -and ($termsOfServiceUri.length -gt 0))
{
    $serviceApp.TermsOfServiceUri = $termsOfServiceUri
}

$serviceApp.Update()

The stretch goal then becomes, is it possible to grant a consuming farm permissions to the a published service application with PowerShell?

Again, with some research, the answer is yes – assuming you know the consuming farm ID. This PowerShell snippet grants the consuming farm access.

$ServiceAppSecurity = Get-SPServiceApplicationSecurity $serviceApp.Id
$claimProvider = (Get-SPClaimProvider | ?{$_.DisplayName -eq "System"})
$principal =  New-SPClaimsPrincipal "<CONSUMING-FARM-GUID>" -ClaimType "https://schemas.microsoft.com/sharepoint/2009/08/claims/farmid" -ClaimProvider $claimProvider.ClaimProvider

if ($principal -ne $null)
{
       Grant-SPObjectSecurity $ServiceAppSecurity -Principal $principal -Rights "Full Control"
   Set-SPServiceApplicationSecurity $serviceApp.Id -objectSecurity $ServiceAppSecurity -ErrorAction SilentlyContinue

   $value = $principal.Value
   Write-Host -ForegroundColor White " - $value granted Full Control Permission to Service Application $name."
}