SharePoint 2016: Managed Metadata Service application rapid deployment steps
Introduction
This posting walks through the steps for rapidly deploying a Managed Metadata service application to a SharePoint Server 2016 Enterprise farm via two PowerShell commandlets and a few administrative account provisioning steps performed in Central Administration. All commandlets are executed in an elevated SharePoint Management Shell on a farm SharePoint server. A user farm administrator account was used to execute the PowerShell commandlets.
Procedure
01) Build the script
$newSPMManagedMetadataServiceApplicationSplat = @{
    Name              = "Managed Metadata Service Application"
    DatabaseName      = "SP2016_Service_ManagedMetadata"
    ApplicationPool   = "ServiceApplicationAppPool"
    FullAccessAccount = "DOMAIN\SPFarm"
    DatabaseServer    = "DBALIAS"
}
# Create the service application, then its proxy in the default proxy group
$MMSApp = New-SPMetadataServiceApplication @newSPMManagedMetadataServiceApplicationSplat
New-SPMetadataServiceApplicationProxy -Name "Managed Metadata Service Application Proxy" `
    -ServiceApplication $MMSApp -DefaultProxyGroup
02) Execute the script
Select the splat first; copy and paste it into the shell, and then hit ENTER. Note that afterwards, you'll see the double right arrows ">>". Hit ENTER again and the prompt returns. As a check, enter just this part, $newSPMManagedMetadataServiceApplicationSplat, and hit ENTER. You'll see a two-column listing of parameters and their values.
Next, select the two commandlets that create the service application and its proxy. Copy and paste them into the shell and hit ENTER. It will take several minutes to complete. If the DBA has set up notifications for new database creation, you'll receive one in about a minute.
03) Verify Term Store Management Tool access from Central Administration
On a farm SharePoint server, launch Central Administration, and then navigate to:
- CA > Application Management > Service Applications > Manage service applications > [Select the Managed Metadata Service Application list item]
On the SERVICE APPLICATIONS tab of the ribbon, click the Permissions button. You should see DOMAIN\SPFarm listed and granted Full Access to Term Store permissions.
Now click the browser BACK button, and then click on Managed Metadata Service Application. The Term Store Management Tool should appear.
This access is dependent on granting the farm account full access. Try it: remove the farm account connection permissions and then try accessing the Term Store Management Tool again.
04) Grant the web application's application pool identity full access
Now click on the browser BACK button to get back to the listing of service applications. Select the Managed Metadata Service Application (don't click on it), and then click the Permissions button again. This time, add the application pool identity of the web application hosting the site collections that will consume this managed metadata, and then grant that identity full access.
05) Verify Term Store Management Tool access from the site collection
Launch a browser, and then connect to the site collection of interest. Then navigate to:
- Settings > Site Settings > Site Administration > Term Store Management Tool
Access to the Management Tool from a site collection depends on the hosting web application's application pool identity being granted some level of access. If you want to enable future site collection administrators to be able to add and edit terms, you'll need to provision the identity with full access. Otherwise, just provision with read access.
06) Verify new Managed Metadata service application in default proxy group
Just execute the following commandlet in the same elevated shell:
(Get-SPServiceApplicationProxyGroup).Proxies | sort DisplayName | ft DisplayName,TypeName -auto
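The connection-permission checks and grants of steps 03 through 05 can also be done from the same elevated shell, which makes them repeatable and easy to audit. The following is an added example, not part of the original post: the function name Grant-MmsConnectionPermission and the account DOMAIN\sppool are placeholders, and the service application name is the one used in the splat above.

```powershell
# Added example (not from the original post). Run in an elevated SharePoint Management Shell.
# Grant-MmsConnectionPermission is a hypothetical helper; DOMAIN\sppool is a placeholder
# for the application pool identity of the web application hosting the site collections.
function Grant-MmsConnectionPermission {
    param(
        [Parameter(Mandatory = $true)] [string] $Account,
        [string] $Right = "Full Access to Term Store",
        [string] $ServiceAppName = "Managed Metadata Service Application"
    )

    $sa = Get-SPServiceApplication -Name $ServiceAppName
    if (-not $sa) { throw "Service application '$ServiceAppName' not found." }

    # Connection permissions ACL: the same list the Permissions button shows in CA.
    $sec = Get-SPServiceApplicationSecurity -Identity $sa

    # Only accept a right that this service application actually defines, so a
    # mistyped right name fails here instead of silently granting nothing useful.
    $valid = $sec.NamedAccessRights | ForEach-Object { $_.Name }
    if ($valid -notcontains $Right) {
        throw "Unknown right '$Right'. Valid rights: $($valid -join '; ')"
    }

    $principal = New-SPClaimsPrincipal -Identity $Account -IdentityType WindowsSamAccountName
    Grant-SPObjectSecurity -Identity $sec -Principal $principal -Rights $Right
    Set-SPServiceApplicationSecurity -Identity $sa -ObjectSecurity $sec

    # Re-read the ACL so the caller sees what is now in effect (names are claims-encoded).
    (Get-SPServiceApplicationSecurity -Identity $sa).AccessRules |
        Select-Object Name, AllowedRights
}

# Step 03 as an audit: list who currently holds connection permissions.
$mms = Get-SPServiceApplication -Name "Managed Metadata Service Application"
(Get-SPServiceApplicationSecurity -Identity $mms).AccessRules |
    Format-Table Name, AllowedRights -AutoSize

# Step 04: grant the web application's application pool identity full access.
Grant-MmsConnectionPermission -Account "DOMAIN\sppool"
```

To provision read access instead, as step 05 suggests when site collection administrators should not edit terms, pass one of the read-level names reported in the "Valid rights" list as -Right.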
Summary
This posting presented steps for rapidly deploying a Managed Metadata service application to a SharePoint Server 2016 enterprise farm using an elevated instance of the SharePoint Management Shell and a few commandlets.
Notes
- Farm was updated through August 2019 CU.
- If you deploy this service application using the wizard in Central Administration, you'll eventually discover, when you click the Permissions button, that an odd account, Local Farm, has been provisioned with full access. So long as Local Farm is left there, you'll be able to access the Term Store Management Tool either through Central Administration or through the site collection. But removing this one entry adversely impacts both of these accesses. If you do create the Managed Metadata service application using the wizard, and then you later remove the Local Farm permissions, you can re-create those accesses by simply adding the farm service account and the web application's application pool identity and grant them both full access.
- To provision more than one account with full access connection permission, specify them for the FullAccessAccount parameter as a comma-separated string. For example, to provision both the farm service account and the web application's application pool identity with full access, specify them as "DOMAIN\spfarm,DOMAIN\sppool". Note that there is no space between comma-delimited values.
- Some initial differences between creating a Managed Metadata service application using the Central Administration wizard and PowerShell (using the splat presented above):
| Item | Wizard | PowerShell |
|---|---|---|
| MMSA Database User Mappings | | |
| Login Account | public | public, db_owner |
| Farm Service Account | public, db_owner | public |
| Service application identity | public, db_owner | public, db_owner |
| Web application pool identity | public | public |
| Connection Permissions | | |
| Local Farm | Full Access | (not listed) |
| Farm Service Account | (not listed) | Full Access |
| Web application pool identity | (not listed) | (not listed) |
| Service Application Administrators | (none listed) | (none listed) |
| Term Store Management Tool accessible through CA | Yes | Yes |
| Term Store Management Tool accessible through site collection | Yes | No |
| Term Store Administrators | (Login account) | (Login account) |

- Accounts granted connection permissions after the Managed Metadata service application has been created will appear listed in the Connection Permissions dialog in claims-encoded format.