Remove From My Forums

Changing service account passwords

Question
0

Sign in to vote
Hi - following a security incident I have to change the passwords of all the main SharePoint service accounts - these are managed accounts in Central admin and include the App pool account, the setup account and the farm account

The twist is we use the same service accounts in 5 separate production farms - (not my design!)

I found this link - which seems to be the most comprehensive guide to changing passwords of service accounts

My questions:

1 - Is this the best guide available?

2 - how will I manage this on 5 farms? e.g. for the App Pool account my guess is that I will change the password in AD and then follow the steps for each farm - so expect lots of downtime

All farms are SP2013

Thanks!

Jonj
- Edited by jonjames Wednesday, March 27, 2019 9:05 AM added detail
Wednesday, March 27, 2019 9:03 AM

Answers

0

Sign in to vote
Hi jonjames,

1. The article provided in your post is the best guide to change the password of the service accounts.

2. Yes, you should change the password of the account in AD and then change the password of the application pool account in each farm.

If you want to use an existing password, you could use PowerShell command below.

Set-SPManagedAccount -Identity $username -ExistingPassword $newpassword -UseExistingPassword:$true

Then you need to add $true after the -UseExistingPassword parameter.

More reference:

MSDN: Changing SharePoint farm passwords.

https://mitra.computa.asia/articles/msdn-changing-sharepoint-farm-passwords

Best regards,

Sara Fan
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

SharePoint Server 2019 has been released, you can click here to download it.
Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.
- Marked as answer by jonjames Thursday, March 28, 2019 9:53 AM
Thursday, March 28, 2019 6:54 AM

All replies

0

Sign in to vote
I'm planning on using this script after changing the password in AD

$securepassword = convertto-securestring "NewPassword" -asplaintext -force Get-SPManagedAccount "Domain\SP_ServiceAccount" | Set-SPManagedAccount -ExistingPassword $securepassword -UseExistingPassword -confirm:$false

Do I need to add $true after the -UseExistingPassword parameter?

-UseExistingPassword $true

Cheers

Jonj
- Edited by jonjames Wednesday, March 27, 2019 2:05 PM
Wednesday, March 27, 2019 2:05 PM
0

Sign in to vote
Hi jonjames,

1. The article provided in your post is the best guide to change the password of the service accounts.

2. Yes, you should change the password of the account in AD and then change the password of the application pool account in each farm.

If you want to use an existing password, you could use PowerShell command below.

Set-SPManagedAccount -Identity $username -ExistingPassword $newpassword -UseExistingPassword:$true

Then you need to add $true after the -UseExistingPassword parameter.

More reference:

MSDN: Changing SharePoint farm passwords.

https://mitra.computa.asia/articles/msdn-changing-sharepoint-farm-passwords

Best regards,

Sara Fan
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

SharePoint Server 2019 has been released, you can click here to download it.
Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.
- Marked as answer by jonjames Thursday, March 28, 2019 9:53 AM
Thursday, March 28, 2019 6:54 AM

Answered by:

Changing service account passwords

Question

Answers

All replies