Monday, November 17, 2008

Changing SharePoint Service Accounts via stsadm

http://support.microsoft.com/kb/934838

We had a customer that needed to change the Service Accounts within their farm due to an employee leaving the company. This can be easily performed by using the STSADM command line tool. See Microsoft KB link above.

1) From the Command prompt on the Server that is hosting Central Administration on the farm, run the following command:
stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword

2) Then on all other SharePoint servers in the farm run the following command:

stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword -local

3) Run an IISRESET /noforce

Then you will need to run a series of commands for the other service accounts that your environment is using.


4.) Update the password for the application pool account that is used by Web applications on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm -o updateaccountpassword -userlogin DomainName\UserName -password NewPassword -noadmin

5.)Update the password for the account that is used to run the Windows SharePoint Services Help Search service. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o spsearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword

6.)Update the password for the default content access account that is used by the Windows SharePoint Services Help Search service. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o spsearch -farmcontentaccessaccount DomainName\UserName -farmcontentaccesspassword NewPassword


7.) If you are running SharePoint Server 2007, you must also follow these steps:
a.
Update the password for the account that is used by every Shared Services Provider (SSP) on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o editssp -title SharedServicesProviderName -ssplogin DomainName\UserName -ssppassword NewPassword
b.
Update the password for the account that is used to run the Office SharePoint Server Search service. To do this, type the following line at the command prompt, and then press ENTER:
stsadm.exe -o osearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword
c.
If the server farm is configured to use single sign-on, update the password for the account that is used by the Microsoft Single Sign-On Service. To do this, follow these steps:
1.
Click Operations in SharePoint 3.0 Central Administration, and then click Service accounts under Security Configuration.
2.
Under Windows service, click Single Sign-On Service.
3.
Under Configurable, specify the password, and then click OK.
d.
Update the password for the default content access account that is used by the Office SharePoint Server Search service. To do this, follow these steps:
1.
Open SharePoint 3.0 Central Administration, and then click the link to the SSP Web application under Shared Services Administration.
2.
Under Search, click Search settings, and then click Default content access account.
3.
Specify the password to use for the content access account, and then click OK.

Hope this information helps, also the KB link has a script if anyone needs to script this as part of their security plan on a quarterly or such basis.