How to Change Service Accounts in SharePoint 2013 using PowerShell
Change Service Accounts in SharePoint 2013
If you have created a new managed account or want to change the mapping of managed Account with SharePoint 2013 Services, Go to:
- Central Administration >> Security
- Under the General Security section, click Configure Service accounts.
- Pick the Appropriate Service and Service Account from the Dropdown.
- Click “OK” to save your changes
Read more: https://www.sharepointdiary.com/2014/09/configuring-managed-accounts-in-sharepoint-2013.html
PowerShell way: How to Change Service Accounts in SharePoint 2013?
Why? because not all accounts can be changed via SharePoint Central Administration UI. Here are my scripts to change various service accounts in SharePoint using PowerShell. Please note there are Four type of Service accounts we have to take care:
- SharePoint Service Instances like Distribution cache, Claims to window token service, etc
- SharePoint Farm Service
- Service Application’s AppPool Account
- Web Application’s AppPool Account
PowerShell script to Change Service Accounts in SharePoint (E.g. Distribution Cache Service)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Custom Function to change Service account of given service
Function Set-ServiceIdentity($svc, $UserName)
{
#Get the current service account
$ProcessIdentity = $svc.Service.ProcessIdentity
if ($ProcessIdentity.Username -ne $UserName)
{
$ProcessIdentity.Username = $UserName
$ProcessIdentity.Update()
Write-Host "Service Account Set!"
}
}
#Get the Service
$Service = Get-SPServiceInstance | Where {$_.TypeName -eq "Claims To Windows Token Service"}
#Call the function to Set "Local System" Identity to given service
Set-ServiceIdentity $Service "NT AUTHORITY\SYSTEM"
The above script changes the specified service’s service account.
How to change the farm service account in SharePoint 2013?
We still rely on STSADM tool to update SharePoint 2013’s Farm Account. Use this command line to update SharePoint Farm’s service account credentials:
stsadm -o updatefarmcredentials -userlogin “DOMAIN\username” -password “Password here”
Change Service Application Pool’s Service Account:
To change application pool’s service accounts, use this PowerShell script:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Custom Function to change Service account of given service
Function Set-ServiceAppPoolIdentity($SvcAppPool, $UserName)
{
if ($SvcAppPool.ProcessAccountName -ne $UserName)
{
Set-SPServiceApplicationPool $SvcAppPool -Account $UserName
Write-Host "Application Pool Service Account Updated!"
}
}
#Get the Service
$SvcAppPool = Get-SPServiceApplicationPool | Where {$_.Name -eq "Service Application App Pool"}
#Call the function to Set "Local System" Identity to given service
Set-ServiceAppPoolIdentity $SvcAppPool "Crescent\SP2016Admin"
Change Web Application App Pool Accounts:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Custom Function to change Service account of Web App Pool
Function Set-WebAppPoolIdentity($WebAppPool, $UserName)
{
if ($WebAppPool.ManagedAccount.UserName -ne $UserName)
{
#Get the Managed Account
$ManagedAccount= Get-SPManagedAccount $UserName
#Set the Managed Account
$WebAppPool.ManagedAccount = $ManagedAccount
$WebAppPool.Update()
Write-Host "Web Application App Pool Account Updated!"
}
}
#Get Web App's App Pool
$WebAppPool = (Get-SPWebApplication "http://intranet.crescent.com").ApplicationPool
#Call the function to Set the Managed Account to Web App Pool
Set-WebAppPoolIdentity $WebAppPool "Crescent\SPAdmin"
Very helpful, thanks!