none
Password expiration policy for Sharepoint/Farm administrators

    Question

  • Dear all,

    We are running sharepoint server 2010 in our company, all going good. But our Active directory administrator has decided to implement the password expiration policy for all AD users. All users password in AD will expires after some days. My question is that what precations should i take for  Sharepiont users like SP_Admin, SP_Farm, SP_ServiceApps to run everything smoothly for sharepoint web applications, site collections, even the password expires every month in password expiration policy.

    Please help because i dont want to stop sharepoint.

    Thanks.

    Thursday, February 07, 2013 4:16 AM

Answers

  • Thanks Sachin,

    In your first thread you said sharepoint will take care off the password change and i can change the password or even in password expiration policy. Because of these user how an AD Administrator can stop this policy just because of these three users for the whole company. Can he omitt only sharepoint users and can impose the policy on rest of the employees of Password expiration policy  ???.

    I  mean can AD administrator apply this policy for all employees except these sharepoint users???

    Thanks in advance.

    Yes, all your administrator needs to do is check the box that says "Password does not expire" on the particular account in ADUC.

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, February 08, 2013 3:10 PM

All replies

  • Hi Rauf,

    You need to use Managed Account for these accounts . In managed account if the password is going to expire then SharePoint itself change password for those accounts prior to expire. You not need to worry about these.

    http://donahoo-development.com/index.php/2011/05/13/managed-accounts-password-expiration/

    http://www.sharepointlonghorn.com/Lists/Posts/Post.aspx?ID=6

    http://technet.microsoft.com/en-us/library/ff724280(v=office.14).aspx

    http://blogs.technet.com/b/wbaer/archive/2010/04/11/managed-accounts.aspx



    Did you find this Helpful? Please Mark it So! Thank you. Sachin Kumar

    Thursday, February 07, 2013 4:36 AM
  • Not all service accounts in use by SharePoint can have their password automatically changed.  Your Active Directory admin should understand that service accounts generally need to be marked with 'password does not expire' in AD.

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Thursday, February 07, 2013 6:43 AM
  • Thanks for both participants,

    I am confused from both of comments, I also need to change the password of Farm and SP admin users, because i need to hide from those who know passwords of these accounts.

    Please anyone provide me the clear understanding that how can i change the passwords of these users, either change myself or in password expiration policy.

    Thanks

    Thursday, February 07, 2013 9:48 AM
  • Hi Rauf,

    Trevor is right your AD admin must aware about the service accounts and left these account not to apply password expiration policy.

    If you go with managed account then SharePoint change password automatically without informing any one. In this case you cannot get the password .


    Did you find this Helpful? Please Mark it So! Thank you. Sachin Kumar

    Thursday, February 07, 2013 10:20 AM
  • Thanks Sachin,

    In your first thread you said sharepoint will take care off the password change and i can change the password or even in password expiration policy. Because of these user how an AD Administrator can stop this policy just because of these three users for the whole company. Can he omitt only sharepoint users and can impose the policy on rest of the employees of Password expiration policy  ???.

    I  mean can AD administrator apply this policy for all employees except these sharepoint users???

    Thanks in advance.

    Friday, February 08, 2013 7:31 AM
  • Hi Rauf,

    Check below post you will get most of the answer of your questions.

    http://sharepointfordeveloper.blogspot.in/2012/02/sharepoint2010-system-acccount.html

    Please let me know if you have further issues.


    Did you find this Helpful? Please Mark it So! Thank you. Sachin Kumar

    Friday, February 08, 2013 8:24 AM
  • Thanks Sachin,

    In your first thread you said sharepoint will take care off the password change and i can change the password or even in password expiration policy. Because of these user how an AD Administrator can stop this policy just because of these three users for the whole company. Can he omitt only sharepoint users and can impose the policy on rest of the employees of Password expiration policy  ???.

    I  mean can AD administrator apply this policy for all employees except these sharepoint users???

    Thanks in advance.

    Yes, all your administrator needs to do is check the box that says "Password does not expire" on the particular account in ADUC.

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP
    MCITP: SharePoint Administrator 2010

    -----------------------
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, February 08, 2013 3:10 PM