locked
Changing service account passwords RRS feed

  • Question

  • Hi - following a security incident I have to change the passwords of all the main SharePoint service accounts - these are managed accounts in Central admin and include the App pool account, the setup account and the farm account

    The twist is we use the same service accounts in 5 separate production farms - (not my design!)

    I found this link - which seems to be the most comprehensive guide to changing passwords of service accounts

    My questions:

    1 - Is this the best guide available?

    2 - how will I manage this on 5 farms? e.g. for the App Pool account my guess is that I will change the password in AD and then  follow the steps for each farm - so expect lots of downtime

    All farms are SP2013

    Thanks!

    Jonj


    • Edited by jonjames Wednesday, March 27, 2019 9:05 AM added detail
    Wednesday, March 27, 2019 9:03 AM

Answers

  • Hi jonjames,

    1. The article provided in your post is the best guide to change the password of the service accounts.

    2. Yes, you should change the password of the account in AD and then change the password of the application pool account in each farm.

    If you want to use an existing password, you could use PowerShell command below.

    Set-SPManagedAccount -Identity $username -ExistingPassword $newpassword  -UseExistingPassword:$true


    Then you need to add $true after the -UseExistingPassword parameter.

    More reference:

    MSDN: Changing SharePoint farm passwords.

    https://mitra.computa.asia/articles/msdn-changing-sharepoint-farm-passwords

    Best regards,

    Sara Fan


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    • Marked as answer by jonjames Thursday, March 28, 2019 9:53 AM
    Thursday, March 28, 2019 6:54 AM

All replies

  • I'm planning on using this script after changing the password in AD

    $securepassword = convertto-securestring "NewPassword" -asplaintext -force
    
    Get-SPManagedAccount "Domain\SP_ServiceAccount" | Set-SPManagedAccount -ExistingPassword $securepassword -UseExistingPassword -confirm:$false

    Do I need to add $true after the -UseExistingPassword parameter?

    -UseExistingPassword $true

    Cheers

    Jonj


    • Edited by jonjames Wednesday, March 27, 2019 2:05 PM
    Wednesday, March 27, 2019 2:05 PM
  • Hi jonjames,

    1. The article provided in your post is the best guide to change the password of the service accounts.

    2. Yes, you should change the password of the account in AD and then change the password of the application pool account in each farm.

    If you want to use an existing password, you could use PowerShell command below.

    Set-SPManagedAccount -Identity $username -ExistingPassword $newpassword  -UseExistingPassword:$true


    Then you need to add $true after the -UseExistingPassword parameter.

    More reference:

    MSDN: Changing SharePoint farm passwords.

    https://mitra.computa.asia/articles/msdn-changing-sharepoint-farm-passwords

    Best regards,

    Sara Fan


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    • Marked as answer by jonjames Thursday, March 28, 2019 9:53 AM
    Thursday, March 28, 2019 6:54 AM