Change Password for Service account in SharePoint

Published May 15 2019 03:06 PM 1,886 Views

First published on TECHNET on Nov 29, 2012

Recently had a customer ask me about how to do this so wrote this little article and thought I would share it with you.


SharePoint 2007


There will be two times when you want to reset passwords in MOSS.

    1. In a planned fashion possibly due to Domain policy requirements you change the password.


    1. When you have allowed the password to expire and need to change the password to return the farm to service.

In either case the steps are the same, this fantastic article KB934838 covers the steps in detail and even has a script that you can take and setup for your environment, so there is no reason for me to go over it except to say read the article.


The commands that are primary to this are:


Stsadm -o updatefarmcredentials


Stsadm -o updateaccountpassword


Stsadm -o spsearch


Stsadm -o editssp


Stsadm -o osearch


And in farms that are least privilege you have some extra steps that you need to follow to insure that this would work.


SharePoint 2010


We grew the functionality in this area by several steps.  We have introduced Managed Accounts, this means that we store both username and password in the configuration database for the service accounts.  This also insures that we keep the objects in IIS and OS up to date thru syncing.


Then using this idea of a Managed Account we have setup several different methods to change the passwords and have that update the App Pools, etc.  By going to /_admin/EditAccount.aspx we see we have the following


Credential Management


This allows you to either change the password thru SharePoint to something new this can be a random password or something you choose, or to use an existing password.


This section is good to use if your password has already expired or is about to expire.





Automatic Password Change


This allows you to stop worrying about password changes altogether, and allow SharePoint to manage them for you.  I highly recommend that you test this and make sure it will work for you.  Here are some gotchas that I have noticed

    1. Service account that is shared between multiple farms, the password change does not work across farms!


    1. Service account that is used in User Profile Connection settings, this should not be a managed account as the process can't change this.


    1. You will no longer be able to login with these accounts, so make sure yours has the correct permissions


    1. This command cannot override the rules of Domain Policies ie Password Complexity, Length, Age, etc






There is of course PowerShell commands that can help you to automate these steps or if you have an issue get you out of a bind.


Set-SPManagedAccount - This PowerShell command will be the one you use the most, using this cmdlet and different switches you can cover all the situations above.  Here some examples


We want to change the password with something new use


Set-SPManagedAccount -identity Domain\User -NewPassword (Converto-Securestring "P@ssword" -AsPlainText -Force) -SetNewPassword


We need to use existing password


Set-SPManagedAccount -identity Domain\User -ExistingPassword (Convertto-Securestring "P@ssword" -AsPlainText -Force


Set SharePoint to manage password


Set-SPManagedAccount -identity Domain\User -AutogeneratePassword -EmailNotification 14 -PreExpireDays 7 -Schedule "Monthly between <dayofmonth> <Timeofdayinhh:mm:ss> and <dayofmonth> <Timeofdayinhh:mm:ss>"


Repair-SPManagedAccountDeployment - This PowerShell command is used when you have setup the automatic password change and it's worked on Server A but not Server B, by running the command locally on Server B it will re-synch all of the App Pools on that server.




Configure automatic password change (SharePoint Server 2010)


Plan automatic password change (SharePoint Foundation 2010)

Version history
Last update:
‎Apr 28 2020 02:57 PM
Updated by: