How to Change Default Content Access Account in SharePoint 2016 Search?

Once we complete creating Search Service Application, The next step is to configure default content access account, which is used by Crawl Component to crawl the content sources like SharePoint content. This crawl account will have read access to all your search content sources such as SharePoint Web Applications.

Set default content access account
You can change search crawl account from SharePoint Central Administration as:

• SharePoint Central Admin >> Application Management >> Manage Service applications
• From the service applications list, Select the Search service application
• In the Search Administration page, click on the account already configured for Default content access account.
• Provide the new crawl account user name and password.
  

Content access accounts should be normal domain account. We shouldn't use SharePoint setup account or farm administrator account for crawling content as it would cause security trimming errors.

PowerShell to Change Search Crawl Account in SharePoint 2016:
If you want to change the default content access account for SharePoint 2013 search service application using PowerShell, use this script:

Add-PSSnapin Microsoft.SharePoint.Powershell -ErrorAction SilentlyContinue

#Set Default content access account
$AccountID = "Crescent\SP16_Crawl"
$Password = Read-Host -AsSecureString  

#Get Search service application
$SearchInstance = Get-SPEnterpriseSearchServiceApplication

#Set default content access account for crawl
Set-SPEnterpriseSearchServiceApplication -Identity $SearchInstance -DefaultContentAccessAccountName $AccountID -DefaultContentAccessAccountPassword $Password

Default content access account permissions:
As soon as you change Search Crawling Account, SharePoint automatically creates a web application policy with "Full Read" permissions on all Web applications!