Configure Object Cache User Accounts

STEP 1: Create the user accounts in Active Directory

Super Reader Account: domainSuperReader

Super User Account: domainSuperUser

STEP 2: Set Permissions in Central Administration

  1. Verify that the user account that is performing this procedure is a member of the Farm Administrators group on the computer that is running the SharePoint Central Administration website.
  2. On the Central Administration website, in the Application Managementsection, click Manage web applications.
  3. Click the name of the web application that you want to configure.
  4. On the Web Applicationstab, in the Policy group, click User Policy.
  5. In the Policy for Web Application window, click Add Users.
  6. From the Zoneslist, select All zones, and then click Next.
  7. In the Usersbox, type the user name for the Portal Super User account.
  8. Click the Check Namesicon to ensure that the account name can be resolved by the authentication providers on the application server.
  9. In the Choose Permissionssection, check the Full Control – Has full control
  10. Click Finish.
  11. Repeat Steps 5 through 8 for the Portal Super Reader account.
  12. In the Choose Permissionssection, check the Full Read – Has full read-only access
  13. Click Finish.
  14. Make note of how the names for the Object Cache Super Reader and Object Cache Super User accounts are displayed in the User Name The displayed strings will be different depending on whether you are using claims authentication for the web application.

STEP 3: Set the SuperReader and SuperUser account in the Web Application (Powershell)

Copy and paste the following text into a Powershell window

  • $wa = Get-SPWebApplication -Identity “<WebApplication>
  • $wa.Properties[“portalsuperuseraccount”] = “<SuperUser>
  • $wa.Properties[“portalsuperreaderaccount”] = “<SuperReader>
  • $wa.Update()


<WebApplication> is the URL of the Web Application

<SuperUser> is the Super User account in the format domainuser

<SuperReader> is the Super User account in the format domainuser

Be careful if your web application is in Claims Mode Authentication, because you must use the format i:0#.w|domainuser

Hope it helps!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s