You may have to change your service account passwords for reasons such as password expiration, security best practice, your SharePoint guy leaving the company, etc. Remember the old days, when you had to run stsadm -o updatefarmcredentials and update application pool accounts on every server in the farm?
Luckily, we have had the managed accounts feature from SharePoint 2010 onwards. The primary advantage of managed accounts is that SharePoint service accounts are managed centrally, in one place, by registering them and mapping them to SharePoint services such as the farm, service applications, application pools, etc. So, whenever you need to change a service account's password, you update it once from the SharePoint Central Administration site (or PowerShell!).
How to change the password of a managed account in SharePoint 2013 / 2016?
There are three ways to change managed account passwords in SharePoint 2013, each available from either SharePoint Central Administration or PowerShell.
- Generate new password
- Set managed account password to new value
- Use existing password – This option lets us update the account password in SharePoint if it has already been changed in Active Directory (or somewhere!)
Case 1: Change the password of the Managed account to a new random password:
If you want the password to be changed to an automatically generated random password, use the “Generate new password” option. To reset a managed account password in SharePoint with PowerShell:
Set-SPManagedAccount -Identity domain\user -AutoGeneratePassword $true
Case 2: Change Password of the Managed account in SharePoint as well as in AD
If you want to change the service account password to a specific value, select “Set account password to new value” and enter the new password. You can change managed account passwords in SharePoint 2013/2016 using PowerShell as follows:
$ManagedAccount = Read-Host "Enter the Managed account in Domain\User Format:"
#$ManagedAccount = Get-SPManagedAccount -Identity "Crescent\SPContent"
#Get new Password for the managed account
$Password = Read-Host "Enter new password for managed account" -AsSecureString
#Change the password for the managed account
Set-SPManagedAccount -Identity $ManagedAccount -NewPassword $Password
When you try to change a managed account password in SharePoint 2013, you may get the error:
“Set-SPManagedAccount: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.”
Apparently, the given password does not satisfy your AD domain’s password policy. Check with your AD admin to find out what the password policy requires.
Case 3: Update the password of the Managed Account, which was already updated in AD:
If you or your AD admin have already changed the service account password in Active Directory, you must update it in SharePoint. Select the “Use existing password” option and then enter the password.
To update managed account passwords in SharePoint 2013 using PowerShell:
$ManagedAccount = Read-Host "Enter the Managed account in Domain\User Format:"
#Get the password that is already set in AD for the managed account
$Password = Read-Host "Enter new password for managed account" -AsSecureString
#Update the password SharePoint stores for the managed account
Set-SPManagedAccount -Identity $ManagedAccount -ExistingPassword $Password -UseExistingPassword $true
If you get an access denied error when changing the password of a managed account in SharePoint 2013 or SharePoint 2016, one possible reason is the “User cannot change password” setting.
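The two failures described above (the password policy error and the access denied error) can be checked before running Set-SPManagedAccount. The following is an added example, not code from the original post: the function name and the account name are hypothetical, it assumes the RSAT ActiveDirectory module and an account in the current domain, and it also checks the minimum password age, which the post does not mention.

```powershell
# Added example: pre-flight check before Set-SPManagedAccount -NewPassword.
# Test-ManagedAccountRotation is a hypothetical helper, not a SharePoint cmdlet.
Import-Module ActiveDirectory

function Test-ManagedAccountRotation {
    param(
        [Parameter(Mandatory)] [string] $Identity,          # Domain\User format
        [Parameter(Mandatory)] [securestring] $NewPassword
    )
    $sam  = $Identity.Split('\')[-1]
    $user = Get-ADUser -Identity $sam -Properties CannotChangePassword, PasswordLastSet

    # A fine-grained policy, when one applies, overrides the domain default.
    $policy = Get-ADUserResultantPasswordPolicy -Identity $user
    if (-not $policy) { $policy = Get-ADDefaultDomainPasswordPolicy }

    # Decrypt only inside this function to inspect length and character classes.
    $plain   = (New-Object System.Net.NetworkCredential('', $NewPassword)).Password
    $classes = 0
    foreach ($pattern in '[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]') {
        if ($plain -cmatch $pattern) { $classes++ }
    }

    $issues = @()
    if ($user.CannotChangePassword) {
        $issues += "'User cannot change password' is set (expect access denied)"
    }
    if ($user.PasswordLastSet -and
        ((Get-Date) - $user.PasswordLastSet) -lt $policy.MinPasswordAge) {
        $issues += "Password was set less than MinPasswordAge ($($policy.MinPasswordAge)) ago"
    }
    if ($plain.Length -lt $policy.MinPasswordLength) {
        $issues += "Shorter than MinPasswordLength ($($policy.MinPasswordLength))"
    }
    if ($policy.ComplexityEnabled) {
        # Approximation of the AD rule: 3 of 4 classes, no account name inside.
        if ($classes -lt 3) { $issues += 'Fewer than 3 character classes' }
        if ($sam.Length -gt 2 -and $plain -match [regex]::Escape($sam)) {
            $issues += 'Contains the account name'
        }
    }
    # Password history cannot be verified client-side; the count is reported only.
    [pscustomobject]@{
        Account      = $Identity
        HistoryCount = $policy.PasswordHistoryCount
        Ready        = ($issues.Count -eq 0)
        Issues       = $issues
    }
}

$pw = Read-Host 'Enter new password for managed account' -AsSecureString
Test-ManagedAccountRotation -Identity 'DOMAIN\svc-placeholder' -NewPassword $pw
```

If Ready is false, resolve the listed issues with your AD admin before changing the password in SharePoint.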