How to Change Service Accounts in SharePoint Server using PowerShell?
Change Service Accounts in SharePoint 2016
Are you looking to change your service accounts in SharePoint? Perhaps you’ve recently changed your domain name and need to update all of your service account references. In this guide, we’ll show you how to change your service accounts in SharePoint quickly and easily. I will also share how to use PowerShell to change your service accounts.
If you have created a new managed account or want to change the mapping of managed Account with SharePoint 2016 Services, Go to:
- Central Administration >> Security
- Under the General Security section, click Configure Service accounts.
- Pick the Appropriate Service and Service Account from the Dropdown.
- Click “OK” to save your changes
Read more: Configuring Managed Accounts in SharePoint 2016
PowerShell way: How to Change Service Accounts in SharePoint 2013/2016?
Why? Because not all accounts can be changed via SharePoint Central Administration UI. Here are my scripts to change various service accounts in SharePoint using PowerShell. Please note, there are Four types of Service accounts we have to take care of:
- SharePoint Service Instances like Distribution cache, Claims to window token service, etc
- SharePoint Farm Service
- Service Application’s AppPool Account
- Web Application’s AppPool Account
PowerShell script to Change Service Accounts in SharePoint (E.g. Distribution Cache Service)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Custom Function to change Service account of given service
Function Set-ServiceIdentity($svc, $UserName)
{
#Get the current service account
$ProcessIdentity = $svc.Service.ProcessIdentity
if ($ProcessIdentity.Username -ne $UserName)
{
$ProcessIdentity.Username = $UserName
$ProcessIdentity.Update()
Write-Host "Service Account Set!"
}
}
#Get the Service
$Service = Get-SPServiceInstance | Where {$_.TypeName -eq "Claims To Windows Token Service"}
#Call the function to Set "Local System" Identity to given service
Set-ServiceIdentity $Service "NT AUTHORITY\SYSTEM"
The above script changes the specified service’s service account.
How to change the farm service account in SharePoint 2013?
We still rely on the STSADM tool to update SharePoint 2013’s Farm Account. Use this command line to update SharePoint Farm’s service account credentials:
stsadm -o updatefarmcredentials -userlogin “DOMAIN\username” -password “Password here”
Change Service Application Pool’s Service Account:
To change the application pool’s service accounts, use this PowerShell script:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Custom Function to change Service account of given service
Function Set-ServiceAppPoolIdentity($SvcAppPool, $UserName)
{
if ($SvcAppPool.ProcessAccountName -ne $UserName)
{
Set-SPServiceApplicationPool $SvcAppPool -Account $UserName
Write-Host "Application Pool Service Account Updated!"
}
}
#Get the Service
$SvcAppPool = Get-SPServiceApplicationPool | Where {$_.Name -eq "Service Application App Pool"}
#Call the function to Set "Local System" Identity to given service
Set-ServiceAppPoolIdentity $SvcAppPool "Crescent\SP2016Admin"
Change Web Application App Pool Accounts:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Custom Function to change Service account of Web App Pool
Function Set-WebAppPoolIdentity($WebAppPool, $UserName)
{
if ($WebAppPool.ManagedAccount.UserName -ne $UserName)
{
#Get the Managed Account
$ManagedAccount= Get-SPManagedAccount $UserName
#Set the Managed Account
$WebAppPool.ManagedAccount = $ManagedAccount
$WebAppPool.Update()
Write-Host "Web Application App Pool Account Updated!"
}
}
#Get Web App's App Pool
$WebAppPool = (Get-SPWebApplication "https://intranet.crescent.com").ApplicationPool
#Call the function to Set the Managed Account to Web App Pool
Set-WebAppPoolIdentity $WebAppPool "Crescent\SPAdmin"
Very helpful, thanks!