Archive for March, 2011

Managed Account Password Management

I like the idea of SharePoint managing my passwords for me. I like the idea of no human knowing what the service account passwords are so that they are forced to log into their own admin account before modifying anything within SharePoint. The problem with this is that I just can’t trust SharePoint to handle this for me and even if I do it is very difficult to have a recovery strategy.

I’ve now been bitten by this issue twice in two separate environments. I can’t say what causes it but for some reason the Farm account fails to update cleanly and Central Administration is completely unaccessible. Thank goodness for my old friend PowerShell.

So you’re either here because your farm is inaccessible or you’re here because you need the PowerShell for resetting a managed account password. Either way… here you go.

Modify Password for Managed Account using PowerShell

$pw = ConvertTo-SecureString -String p@ssword1 -AsPlainText -Force
$account = Get-SPManagedAccount DOMAIN\User
Set-SPManagedAccount -Identity $account -NewPassword $pw -ConfirmPassword $pw -SetNewPassword

Now… if this fails for you because you can’t access the farm due to permissions issues then you have a much larger issue on your hands. You can try to give a user access to the content and configuration databases, local administrator rights and Shell Admin role within SQL Server but honestly I haven’t tested that scenario yet.

For now I’m recommending that companies do not utilize the automatic password management features of SharePoint 2010.