Configuring User Profile Service and User Profile Synchronization Service via PowerShell

Here are some scripts to configure the UPS and UPSS via PowerShell. You’ll need to fill in the blanks, of course.

$sb = {
    # The job runs in its own session as the farm account, so load the snap-in here
    Add-PSSnapin Microsoft.SharePoint.PowerShell
    # $args[0] = service application name, $args[1] = application pool name, $args[2] = database server
    New-SPProfileServiceApplication -Name $args[0] -ApplicationPool $args[1] -ProfileDBName "Profile" -ProfileDBServer $args[2] -SocialDBName "Social" -SocialDBServer $args[2] -ProfileSyncDBName "Sync" -ProfileSyncDBServer $args[2] -ErrorAction SilentlyContinue -ErrorVariable er > $null
    # Wait for the service application to come online before creating its proxy
    do {Start-Sleep 2} while ((Get-SPServiceApplication | where {$_.TypeName -eq "User Profile Service Application"}).Status -ne "Online")
    $upa = Get-SPServiceApplication | where {$_.TypeName -eq "User Profile Service Application"}
    New-SPProfileServiceApplicationProxy -Name "User Profile Service Proxy" -ServiceApplication $upa -DefaultProxyGroup > $null
}

# The application pool must already exist
$upaapppool = Get-SPServiceApplicationPool -Identity "User Profile Service"
# Prompts for the farm account password; the job below runs under this account
$FarmUser = Get-Credential "DOMAIN\FarmAccount"
$dBServer = "DatabaseServer"
$userProfileSAName = "User Profile Service"
$MySites = "http://mysites"
# Create the service application as the farm account and wait for the job to finish
$job = @(Start-Job -Credential $FarmUser -ScriptBlock $sb -ArgumentList $userProfileSAName, $upaapppool.Name, $dBServer, $FarmUser.Username) | Wait-Job
$upa = Get-SPServiceApplication | where {$_.TypeName -eq "User Profile Service Application"}
Set-SPProfileServiceApplication -Identity $upa -Name $upa.Name -MySiteHostLocation $MySites

And for the UPSS:

$syncMachine = Get-SPServer SharePointAppLayer
$profApp = Get-SPServiceApplication | where {$_.TypeName -eq "User Profile Service Application"}
$syncSvc = Get-SPServiceInstance -Server $syncMachine | where {$_.TypeName -eq "User Profile Synchronization Service"}
# Mark the instance for provisioning and associate it with the User Profile Service Application
$syncSvc.Status = [Microsoft.SharePoint.Administration.SPObjectStatus]::Provisioning
$syncSvc.IsProvisioned = $false
$syncSvc.UserProfileApplicationGuid = $profApp.Id
$syncSvc.Update()

# The farm account name and password are passed as plain strings here
$profApp.SetSynchronizationMachine($syncMachine.Address, $syncSvc.Id, "DOMAIN\FarmAccount", "Password")
if ($syncSvc.Status -ne "Online") {
    Start-SPServiceInstance $syncSvc | Out-Null
}

# Wait until the synchronization service reports Online
do {Start-Sleep 2} while ((Get-SPServiceInstance -Server $syncMachine | where {$_.TypeName -eq "User Profile Synchronization Service"}).Status -ne "Online")

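If you need to mask the password for the UPSS rather than typing it into the script, you can use the function below. SetSynchronizationMachine takes the password as a plain string, so the function converts the SecureString from Get-Credential back to plain text at the point of the call. You will need to perform a Get-Credential on the Farm User account, e.g.:

$FarmUser = Get-Credential "DOMAIN\FarmAccount"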

Change the line $profApp.SetSynchronizationMachine to:

$profApp.SetSynchronizationMachine($syncMachine.Address, $syncSvc.Id, $FarmUser.UserName, (ConvertTo-UnsecureString $FarmUser.Password))

Then add this function, defined above the line that calls it:

function ConvertTo-UnsecureString([System.Security.SecureString]$string)
{
    # Copy the SecureString into an unmanaged buffer, read it as a normal string,
    # then zero and free the unmanaged copy
    $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($string)
    $unsecureString = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($unmanagedString)
    [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($unmanagedString)
    return $unsecureString
}
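
The UPSS steps above combined into one function, as an added example that is not the author's code: the SecureString is decoded only for the SetSynchronizationMachine call, the unmanaged copy is zeroed in a finally block even if the call throws, and the wait loop gives up after a timeout instead of spinning forever on a failed provisioning. The function name, its parameter names and the 900-second default are assumptions.

```powershell
# Added example; Start-UpssWithCredential and its parameters are hypothetical names.
function Start-UpssWithCredential {
    param(
        [Parameter(Mandatory=$true)] [string] $ServerName,
        [Parameter(Mandatory=$true)] [System.Management.Automation.PSCredential] $Credential,
        [int] $TimeoutSeconds = 900   # assumed upper bound; tune for your farm
    )
    $upssType = "User Profile Synchronization Service"
    $syncMachine = Get-SPServer $ServerName
    $profApp = Get-SPServiceApplication | Where-Object { $_.TypeName -eq "User Profile Service Application" }
    $syncSvc = Get-SPServiceInstance -Server $syncMachine | Where-Object { $_.TypeName -eq $upssType }
    if (-not $profApp -or -not $syncSvc) { throw "UPA or UPSS instance not found for $ServerName" }

    $syncSvc.Status = [Microsoft.SharePoint.Administration.SPObjectStatus]::Provisioning
    $syncSvc.IsProvisioned = $false
    $syncSvc.UserProfileApplicationGuid = $profApp.Id
    $syncSvc.Update()

    $ptr = [IntPtr]::Zero
    try {
        # The plain-text password is never stored in a script variable; the managed
        # string handed to the method still lives until it is garbage collected.
        $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($Credential.Password)
        $profApp.SetSynchronizationMachine($syncMachine.Address, $syncSvc.Id, $Credential.UserName,
            [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr))
    }
    finally {
        # Zero and free the unmanaged copy whether or not the call succeeded
        if ($ptr -ne [IntPtr]::Zero) {
            [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($ptr)
        }
    }

    if ($syncSvc.Status -ne "Online") { Start-SPServiceInstance $syncSvc | Out-Null }

    # Bounded wait: report the last observed status instead of looping forever
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ($true) {
        $status = (Get-SPServiceInstance -Server $syncMachine | Where-Object { $_.TypeName -eq $upssType }).Status
        if ($status -eq "Online") { return }
        if ((Get-Date) -gt $deadline) { throw "UPSS is still '$status' after $TimeoutSeconds seconds" }
        Start-Sleep 2
    }
}

# Usage: prompt for the farm account, then provision on the application server
# Start-UpssWithCredential -ServerName "SharePointAppLayer" -Credential (Get-Credential "DOMAIN\FarmAccount")
```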

Trevor Seward is a Microsoft Office Apps and Services MVP who specializes in SharePoint Server administration, hybrid scenarios, and SharePoint Online. He has been working with SharePoint for 16 years from SharePoint 2003 on up, managing environments with terabytes of content for 150,000+ user organizations. Trevor is an author of Deploying SharePoint 2016 and Deploying SharePoint 2019. You can find him on Twitter and in /r/sharepoint.