How to change service accounts and service account passwords in SharePoint Server 2007 and in Windows SharePoint Services 3.0
INTRODUCTION
This article describes how to change the passwords for service accounts in Microsoft Office SharePoint Server 2007 and in Microsoft Windows SharePoint Services 3.0. Use the procedure in the "More Information" section to update the passwords if the passwords for service accounts expire.
To change the passwords for service accounts in SharePoint Server 2007 and in Windows SharePoint Services 3.0, follow these steps.
Note If the SQL Server service uses a domain account, and the password for that domain account is either expired or invalid, make sure that you update the password for the domain account before you perform this procedure.
1. Update the password for the account that is used by the Central Administration application pool. To do this, follow these steps:
a. On all servers in the server farm, open a command prompt, type the following line, and then press ENTER:
cd %commonprogramfiles%\Microsoft Shared\Web server extensions\12\Bin
b. On the server that hosts the Central Administration Web site, type the following line at the command prompt, and then press ENTER:
stsadm –o updatefarmcredentials –userlogin DomainName\UserName -password NewPassword
c. On all other servers in the server farm, type the following line at the command prompt, and then press ENTER:
stsadm –o updatefarmcredentials –userlogin DomainName\UserName -password NewPassword -local
d. Restart Microsoft Internet Information Services (IIS) 6.0. To do this, type the following line at the command prompt, and then press ENTER:
iisreset /noforce
2. Verify that the Administration Application Pool Credential Deployment job definition is no longer displayed on the Timer Job Definitions page of SharePoint 3.0 Central Administration. To do this, follow these steps:
a.Open SharePoint 3.0 Central Administration, click Operations, and then click Timer job definitions under Global Configuration.
b.Verify that the Administration Application Pool Credential Deployment job definition is no longer displayed in the list.
Note If the Administration Application Pool Credential Deployment job definition is displayed in the list, wait until it disappears from the list.
3.Update the password for the application pool account that is used by Web applications on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm -o updateaccountpassword -userlogin DomainName\UserName -password NewPassword –noadmin
4.Update the password for the account that is used to run the Windows SharePoint Services Help Search service. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o spsearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword
5.Update the password for the default content access account that is used by the Windows SharePoint Services Help Search service. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o spsearch –farmcontentaccessaccount DomainName\UserName -farmcontentaccesspassword NewPassword
6.If you are running SharePoint Server 2007, you must also follow these steps:
a.Update the password for the account that is used by every Shared Services Provider (SSP) on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o editssp -title SharedServicesProviderName -ssplogin DomainName\UserName -ssppassword NewPassword
b.Update the password for the account that is used to run the Office SharePoint Server Search service. To do this, type the following line at the command prompt, and then press ENTER:
stsadm.exe -o osearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword
c. If the server farm is configured to use single sign-on, update the password for the account that is used by the Microsoft Single Sign-On Service. To do this, follow these steps:
1.Click Operations in SharePoint 3.0 Central Administration, and then click Service accounts under Security Configuration.
2.Under Windows service, click Single Sign-On Service.
3.Under Configurable, specify the password, and then click OK.
d.Update the password for the default content access account that is used by the Office SharePoint Server Search service. To do this, follow these steps:
1.Open SharePoint 3.0 Central Administration, and then click the link to the SSP Web application under Shared Services Administration.
2.Under Search, click Search settings, and then click Default content access account.
3.Specify the password to use for the content access account, and then click OK.
Example script
The following is an example of how you can use the previous procedure to create a batch file that automates password changes. Use the following syntax to run the script:
FileName.bat DomainName\UserName NewPassword
@echo off rem other app pools echo *** Updating app pool passwords "%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o updateaccountpassword -userlogin %1 -password %2 -noadmin rem central admin echo *** Updating Central Admin password "%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o updatefarmcredentials -userlogin %1 -password %2 rem ssp - new echo *** Updating ssp password for new installs "%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o editssp -title "SharedServices1" -ssplogin %1 -ssppassword %2 rem ssp - upgrade echo *** Updating ssp password for upgraded installs "%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o editssp -title "Default Web Site" -ssplogin %1 -ssppassword %2 rem osearch echo *** Updating osearch password "%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o osearch -farmserviceaccount %1 -farmservicepassword %2 echo *** MANUAL UPDATE NEEDED. To update the password, visit the SSP Web application page, click Search Settings, and then click Default Content Access Account. rem spsearch echo *** Updating spsearch password "%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o spsearch -farmserviceaccount %1 -farmservicepassword %2 echo *** Updating spsearch content access account "%commonprogramfiles%\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o spsearch –farmcontentaccessaccount %1 -farmcontentaccesspassword %2 rem restarting IIS echo *** Doing soft restart of IIS iisreset /noforce echo on
Modify the script to include the correct names of each SSP in the server farm. If the server farm is configured to use single sign-on, you must also use the sc config command.
