You may have to change your service account passwords for reasons such as: Password expiration, Security best practice, Your SharePoint guy left your company, etc. Remember those old days? You got to run stsadm -o updatefarmcredentials and update application pool accounts on every server in the farm?
Luckily, we got managed accounts feature starting from SharePoint 2010 onwards. The primary advantage of the managed accounts idea is: To centrally manage service accounts of SharePoint in one place, by registering and mapping them with SharePoint Services such as: Farm, Service Applications, Application Pools, etc. So, whenever you need to change the service account's password, Update them once!
There are three different cases to change managed account passwords in SharePoint 2013 either from SharePoint Central Administration or using PowerShell.
- Generating new password
- Set account password to new value
- Use existing password - This option lets us updating the account password in SharePoint, if it is changed in Active Directory(or somewhere!)
Case 1: Change password of the Managed account to a new random password:
If you want the password to be changed to an automatically generated random password, Use the "Generate new password" option.
To reset managed account password SharePoint 2013 with PowerShell:
Set-SPManagedAccount –Identity domain\user -AutoGeneratePassword $true
Case 2: Change Password of the Managed account in SharePoint as well as in AD
If you want to change the service password to a specific value, select the option "Set account password to new value" and enter the new password.
You can change managed account passwords in SharePoint 2010/2013 using PowerShell as:
$ManagedAccount = Read-Host "Enter the Managed account in Domain\User Format:" #$ManagedAccount = Get-SPManagedAccount -Identity “sharepoint\sa-spcontent” #Get new Password for the managed account $Password = Read-Host "Enter new password for managed account" –AsSecureString #Change the password for the managed account Set-SPManagedAccount -Identity $ManagedAccount -NewPassword $Password
When you try to change managed account password in SharePoint 2013k, You may get the error:
"Set-SPManagedAccount: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements"
Apparently, the given password is not satisfying your AD domain's password policy. Just check with your AD admin to get the password policy insights.
Case 3: Update the password of the Managed Account, which is updated in AD:
If you / AD admin has already changed the service password in active directory, you have to update it in SharePoint. Select "Use existing password" option and then enter the password
To update managed account passwords in SharePoint 2013, using PowerShell:
$ManagedAccount = Read-Host "Enter the Managed account in Domain\User Format:" #Get new Password for the managed account $Password = Read-Host "Enter new password for managed account" –AsSecureString #Change the password for the managed account Set-SPManagedAccount -Identity $ManagedAccount -ExistingPassword $Password -UseExistingPassword $trueIf you get access denied error on changing password of managed account in SharePoint 2013 or in SharePoint 2010, one possible reason could be: "User cannot change password" settings.
You might also like:
SharePoint Usage Reports
Usage reports, collaboration and audit for SharePoint.
Document SharePoint Farm
Automatically generate SharePoint documentation.