Change SharePoint 2010 Service Account Passwords

Maybe you need to change a password for a service account used by one of the SharePoint services or even the farm admin account.

There are four options for changing a SharePoint 2010 service account password:

1. Use  SharePoint to update the password in Active Directory and SharePoint (both) by itself (Generate new password)

  • Open Central Administration.
  • Navigate to the Security page and click on the Configure Managed Accounts.
  • Click on the Edit icon next to the service account.
  • Check the Change password now checkbox.
  • Choose the Generate new password and enter the password.
  • Click OK to save the changes.
  • Check Possible Errors section on this post to troubleshooting;

On  this option, SharePoint will create a new password in Active Directory changing it on AD as well as on the Windows/SharePoint services where required.

Bellow the visual steps to perform through this option:

clip_image001

clip_image002

clip_image003

2. SharePoint chose the Password for you and update password in Active Directory and on SharePoint.

To change a service account password with SharePoint 2010, follow these steps:

  • Open Central Administration.
  • Navigate to the Security page and click on the Configure Managed Accounts.
  • Click on the Edit icon next to the service account.
  • Check the Change password now checkbox.
  • Choose the Set account password to new value and enter the password.
  • Click OK to save the changes.
  • Check Possible Errors section on this post to troubleshooting;

On this option, SharePoint will now change the password in Active Directory as well as on the Windows/SharePoint services where required to the password that you have typed.

Bellow the visual steps to perform through this option:

clip_image001

clip_image002

clip_image004

3. Change the password on the Active Directory first and then inform SharePoint of the new password.

To change a service account password with SharePoint 2010, follow these steps:

  • Open Active Directory Users and Computers.
  • Find the user account that you want to change the password. In our sample will be the account RBTSPAppPool.
  • Click on the user account name with right click of the mouse and select Reset Password… option.
  • Type the New Password.
  • Confirm the New Password.
  • Check the Unlock the user’s account checkbox.
  • Click Ok.
  • Click Ok.
  • Go to the SharePoint Application Server that runs the Central Administration.
  • Open Central Administration.
  • Navigate to the Security page and click on the Configure Managed Accounts.
  • Click on the Edit icon next to the service account.
  • Check the Change password now checkbox.
  • Choose the Use existing password and enter the password that you defined on AD in the step d.
  • Click OK to save the changes.
  • Check Possible Errors section on this post to troubleshooting;

On this option, SharePoint will use the password saved in the Active Directory that you set upon the step and will set up it for as well as on the Windows/SharePoint services where required.

Bellow the visual steps to perform through this option:

clip_image005

clip_image006

clip_image007

clip_image001

clip_image002

clip_image008

4. Use PowerShell to update all users accounts, following this steps:

  • Open Active Directory Users and Computers.
  • Find the user account that you want to change the password. In our sample will be the account RBTSPAppPool.
  • Click on the user account name with right click of the mouse and select Reset Password… option.
  • Type the New Password. In our sample we typed: P@ssw0rd2
  • Confirm the New Password. In our sample we typed: P@ssw0rd2
  • Check the Unlock the user’s account checkbox.
  • Click Ok.
  • Click Ok.
  • Create a file named ChangePasswordFarm.PS1 and save it on some folder in our application server;
  • Copy the code bellow and modify it according with your environment;

#########################################

#Set Execution
Policy

Set-ExecutionPolicy
-ExecutionPolicy Unrestricted -force

#Import SharePoint
Module

Add-PSSnapin
Microsoft.SharePoint.PowerShell -EA silentlycontinue

$MA =
Get-SPManagedAccount -Identity “MABOTEGA\RBTSPAppPool”

#Change P@ssw0rd2
to Your Password Desired

Set-SPManagedAccount
-Identity $MA  -ExistingPassword
(ConvertTo-SecureString “P@ssw0rd2” -AsPlainText -force) –confirm

#########################################

  • Repeat this for each user accounts used on your environment that you want to change.
  • Run this script on a “SharePoint 2010 Management Shell” window as administrator for your Farm.
  • Check Possible Errors section on this post to troubleshooting;

Bellow the visual steps to perform through this option:

clip_image009

Possible Errors:

1. Possible Error – Access Denied:

You might receive an Access Denied error message when attempting to change a password:

clip_image010

If you do receive this error, check that the service accounts doesn’t have the option “User cannot change password”  checked:

clip_image011

Uncheck the “User cannot change password” and retry updating the password in SharePoint.

When standard service accounts are normally created they are usually specified with both “User cannot change password” and “Password never expires”. The first option is normally set to ensure that the password cannot be maliciously changed by a user.

2- Possible Error – Password doesn’t meet complexity requirements:

If the password has already been changed in Active Directory and you attempt to use SharePoint to update then you will receive an error stating:

The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history equirements.

clip_image012

The resolution for this error is to configure SharePoint to use an existing password as the password has already been configured against the service account in Active Directory. This time when updating the password, select the use existing password option:

clip_image013

3 – Possible Error – The password supplied with the username Domain\RBTSPAppPool was not correct…..

You might receive an “The password supplied with the username Domain\RBTSPAppPool was not correct…..” error message when attempting to change a password through PowerShell:

clip_image014

Confirm that you have performed the steps a to h and use the correct password on the PowerShell command line.

If you are looking for change password on MOSS2007, follow the official link http://support.microsoft.com/kb/934838

I hope these tips can help you to change your SharePoint 2010 service account passwords safely and without headaches.

Advertisements

One thought on “Change SharePoint 2010 Service Account Passwords

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s