Change Passwords for SharePoint Accounts

While on a project, I had taken a couple of days off to move to another project.  I left the implementation fully configured, and returned to migrate data to the new SharePoint environment.  When I walked in the door, I was greeted with “Dan, SharePoint isn’t working.”  It wasn’t; everything had ceased.  “No bueno…”

After a little bit of digging, I discovered that in my absence they had changed all of the passwords for the service accounts that I was using for SharePoint.  Typically, when I do my implementations, I use a least-privilege approach (future post on that, but it means that I use a specific account that is intended for its specific role and nothing else).

Below is a guide on how to update your service accounts for SharePoint if the passwords have changed.  It is very useful if you find yourself in this position, or if your organization mandates password changes every XX days.

SQL Server Service Account

To update the password for your SQL Service Account (SQL Server 2005 in my example):

  1. Log onto the SQL Server utilizing admin credentials.
  2. Launch the SQL Server Configuration Manager
  3. Expand the SQL Server 2005 Services
    1. View the properties (Right-Click) for each account and type in the new password. Click Apply.

  4. SQL Server Reporting Services
    1. The properties for SQL Server Reporting Services will appear different than the other services’ properties.

    2. Click the Configure button

    3. Select Windows Service Identity from the left-hand navigation

    4. Enter in the new password. Click Apply.

  5. Restart the server / services.


SharePoint Service Accounts

Update Central Administration Account

First things first, you need to update the Central Admin account and you’ll do it with stsadm.

  1. On servers that host the Central Administration Web site run stsadm and type in the below command and then hit the Enter button.

    stsadm -o updatefarmcredentials -userlogin DOMAIN\USERNAME -password THEPASSWORD

  2. On the other servers in the farm that don’t host the Central Admin site, type in the below command and then hit the Enter button.

    stsadm -o updatefarmcredentials -userlogin DOMAIN\USERNAME -password THEPASSWORD -local

  3. Restart IIS with the following command: iisreset /noforce

Before moving forward, you need to verify that the timer job that runs in the background for this operation has completed.  You can verify this in Central Admin > Operations > Timer job definitions.  If Administration Application Pool Credential Deployment is listed, wait until it’s gone.  If it isn’t listed, you’re good to move forward.  Next up, our Application Pool Accounts.

Application Pool Accounts

Your web applications in your server farm typically have a service account for each application pool (they should anyway: SharePoint site, My Sites, etc.). For each app pool, run stsadm and type in the below command and then hit the Enter button.  You’ll need to do this on every server in your farm, for each app pool account.

stsadm -o updateaccountpassword -userlogin DOMAIN\USERNAME -password THEPASSWORD -noadmin

Next up, our Search Accounts.

Search Accounts

There are several accounts related to Search, and they will all need to be updated.  For each, run stsadm and type in the appropriate command and then hit the Enter button.  You’ll need to do this on every server in your farm.

Windows SharePoint Services Help Search service account:

stsadm -o spsearch -farmserviceaccount DOMAIN\USERNAME -farmservicepassword THEPASSWORD

Default content access account that is used by the Windows SharePoint Services Help Search service:

stsadm -o spsearch -farmcontentaccessaccount DOMAIN\USERNAME -farmcontentaccesspassword THEPASSWORD

Office SharePoint Server Search service:

stsadm -o osearch -farmserviceaccount DOMAIN\USERNAME -farmservicepassword THEPASSWORD

Default content access account for Office SharePoint Server Search – you can do this one in the UI, no stsadm:

  1. Navigate to Central Admin, and browse your SSP Web application under Shared Services Administration.

  2. Click Search settings

  3. Click Default content access account

  4. Enter the new password for the default content access account and then click the OK button.

Shared Service Accounts

You’re just about done, but you still have the Shared Service accounts remaining.  You’ll also need to update passwords for the Shared Services Provider (SSP) accounts. Again, on all servers in the farm. Run stsadm and type in the following command and hit Enter.

stsadm -o editssp -title SharedServicesProviderName -ssplogin DOMAIN\USERNAME -ssppassword THEPASSWORD

Excel Services. You can change this one in the web UI (CA):

  1. Navigate to Central Admin, and browse your SSP Web application under Shared Services Administration.

  2. Click edit Excel Services settings

  3. Enter the new password for the Excel Calculation Services account and then click the OK button.

Profile Access account.

  1. Navigate to Central Admin, and browse your SSP Web application under Shared Services Administration.

  2. Click User profiles and properties

  3. Click Configure profile import

  4. Enter the new password for the Access account and then click the OK button.
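
The stsadm steps above, collected into one PowerShell script that prompts for each password at run time instead of keeping it in a file. This is an added example, not part of the original post and not Gary Lapointe's script; it assumes stsadm.exe and iisreset.exe are on the PATH, and the account names and SSP title are placeholders. The accounts that are changed through the Central Admin UI are still updated by hand.

```powershell
# Added example (not from the original post). Run on each server in the farm.
# Assumes stsadm.exe and iisreset.exe are on PATH; account names are placeholders.
param([switch]$HostsCentralAdmin)  # set on servers that host Central Administration

function Read-Secret([string]$Account) {
    # Prompt at run time so no password is stored in the script file.
    $secure = Read-Host -AsSecureString "New password for $Account"
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

function Invoke-Step([string]$Exe, [string[]]$Arguments) {
    & $Exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        # Report only the leading arguments so the password is never echoed.
        throw "$Exe $($Arguments[0..1] -join ' ') failed (exit code $LASTEXITCODE)"
    }
}

# 1. Farm (Central Administration) account, then restart IIS.
$farm = 'DOMAIN\FarmAccount'
$cmd = @('-o', 'updatefarmcredentials', '-userlogin', $farm, '-password', (Read-Secret $farm))
if (-not $HostsCentralAdmin) { $cmd += '-local' }
Invoke-Step 'stsadm' $cmd
Invoke-Step 'iisreset' @('/noforce')
Read-Host ('Press Enter once "Administration Application Pool Credential Deployment" ' +
           'is no longer listed under Timer job definitions') | Out-Null

# 2. One entry per application pool account.
foreach ($acct in @('DOMAIN\PortalAppPool', 'DOMAIN\MySitesAppPool')) {
    Invoke-Step 'stsadm' @('-o', 'updateaccountpassword', '-userlogin', $acct,
                           '-password', (Read-Secret $acct), '-noadmin')
}

# 3. Search and SSP accounts: operation, extra arguments, account flag, password flag.
$steps = @(
    @{ Op = 'spsearch'; Extra = @(); User = '-farmserviceaccount';
       Pass = '-farmservicepassword'; Acct = 'DOMAIN\WssSearch' },
    @{ Op = 'spsearch'; Extra = @(); User = '-farmcontentaccessaccount';
       Pass = '-farmcontentaccesspassword'; Acct = 'DOMAIN\WssContentAccess' },
    @{ Op = 'osearch'; Extra = @(); User = '-farmserviceaccount';
       Pass = '-farmservicepassword'; Acct = 'DOMAIN\OfficeSearch' },
    @{ Op = 'editssp'; Extra = @('-title', 'SharedServicesProviderName');
       User = '-ssplogin'; Pass = '-ssppassword'; Acct = 'DOMAIN\SspAccount' }
)
foreach ($s in $steps) {
    $pw = Read-Secret $s.Acct
    Invoke-Step 'stsadm' (@('-o', $s.Op) + $s.Extra + @($s.User, $s.Acct, $s.Pass, $pw))
}
```

The password still reaches stsadm as a command-line argument, exactly as in the manual steps; the prompt only keeps it out of the script file and out of anything you copy and paste from.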

Summary

As you can tell, there are quite a few steps to update your passwords in a SharePoint environment.  Now you have the manual steps to make it happen.  Gary Lapointe has a great script that you can set up and use to update your passwords much faster.  You can learn about it here: https://stsadm.blogspot.com/2008/10/change-password-script.html

For additional information and details, you can refer to this knowledge base from Microsoft.  It’s what I used as a reference when I first documented this process for myself. 
https://support.microsoft.com/kb/934838