

Change SharePoint Farm account

Use this PowerShell script if you would like to replace an existing managed account credential.

Introduction

Use this PowerShell script if you would like to replace an existing managed account credential with a new managed account. This also applies to the farm admin user. The PowerShell script will scan the following items and replace the user account accordingly:

  • 1- SharePoint Services
  • 2- SharePoint Service Applications App Pools
  • 3- SharePoint Web application App Pools

An extra function, "UpdateFarmCredentials", is included to update the farm credentials if needed.

It's recommended to reset IIS after running this script.

How to use the script

You need to run this script from an elevated PowerShell prompt, running as the farm admin account, on one of the SharePoint servers in the target farm.

At the end of the file make sure you replace the following variables with your desired values:

  • 1- $OldUser (The old managed account you want to replace)
  • 2- $NewUser (The new managed account you want to register and use)
  • 3- $NewUserPassword (The new managed account password)

Please note:

  • The script might throw some warnings when you try to use a local account in a farm deployment. You can ignore these warnings. However, be aware that using local accounts is not recommended. You might also see some errors when deploying some of the changes to some of the service applications. You can ignore these errors as well.
  • The script will register the new managed account for you if it’s not registered yet and will prompt you for the password to be stored in SharePoint.
  • The script is written and tested on SharePoint 2010 version only.
  • Some users reported that the UPA stopped working after replacing the credentials.

Run this script at your own risk!

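function UpdateFarmCredentials($userName,$Password)
{
    # Update the farm credentials through STSADM (-o updatefarmcredentials).
    # $userName - account login (DOMAIN\user); $Password - its plain-text password.
    # STSADM takes the password on its command line, so it is visible to anyone
    # who can list process arguments while STSADM runs; prefer prompting for it
    # at run time over keeping it in a script.
    $stsadm = Join-Path $env:CommonProgramFiles "Microsoft Shared\Web Server Extensions\14\BIN\STSADM.EXE"
    if(-not (Test-Path -LiteralPath $stsadm))
    {
        throw "STSADM.EXE not found at '$stsadm'"
    }
    if([string]::IsNullOrEmpty($userName) -or [string]::IsNullOrEmpty($Password))
    {
        throw "UpdateFarmCredentials: user name and password are required"
    }

    # Invoke the executable directly with one argument per token instead of
    # building a command string for Invoke-Expression: there is no quoting to
    # get wrong, and a user name or password containing quotes, spaces or '$'
    # cannot change the command that runs.
    & $stsadm -o updatefarmcredentials -userlogin $userName -password $Password

    # A native executable reports failure through its exit code, not an exception.
    if($LASTEXITCODE -ne 0)
    {
        Write-Error "Error updating farm credentials (stsadm exit code $LASTEXITCODE)"
    }
}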
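function Ensure-SPAccount($userName)
{
    # Make sure $userName is registered as a SharePoint managed account.
    # If it already is, only a message is written; otherwise the credentials are
    # prompted for and the account is registered with New-SPManagedAccount,
    # whose output (the new account) is passed through to the caller.
    #Add SharePoint Snap-in
    if((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null)
    {
        Add-PSSnapin Microsoft.SharePoint.PowerShell;
        Write-Host "SharePoint PowerShell Snap-In added";
    }
    if([string]::IsNullOrEmpty($userName))
    {
        throw "Ensure-SPAccount: a user name is required"
    }

    # -eq on strings is case-insensitive, so DOMAIN\User and domain\user match.
    $existing = Get-SPManagedAccount | Where-Object { $_.UserName -eq $userName }
    if($existing)
    {
        # Managed Account Already exists
        Write-Host "Managed Account: $userName exists"
    }
    else
    {
        # Prompt for the password rather than taking it as a parameter, so it is
        # never stored in this script or passed on a command line.
        $credential = Get-Credential -Credential $userName
        if($credential -eq $null)
        {
            # Cancelling the prompt returns nothing; fail clearly instead of
            # letting New-SPManagedAccount fail on a null credential.
            throw "Ensure-SPAccount: no credentials supplied for $userName; account not registered"
        }
        # Create New Managed Account
        New-SPManagedAccount -Credential $credential
    }
}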
function Get-SPServiceIdentity()
{
    # List every Windows-service based SharePoint service instance together with
    # the account its process runs as. Informational only: writes to the host,
    # changes nothing and returns nothing.
    #Add SharePoint Snap-in
    if((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null)
    {
        Add-PSSnapin Microsoft.SharePoint.PowerShell;
        Write-Host "SharePoint PowerShell Snap-In added";
    }

    # Only instances whose direct base type is SPWindowsServiceInstance are listed.
    $windowsServices = Get-SPServiceInstance |
        Where-Object { $_.GetType().BaseType.Name -like "SPWindowsServiceInstance" }

    foreach($instance in $windowsServices)
    {
        Write-Host "Service= " $instance.TypeName ", Identity="  $instance.Service.ProcessIdentity.UserName
    }
}
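function Replace-SPServiceIdentity($FromUser,$ToUser)
{
    # Re-point every Windows-service based SharePoint service instance whose
    # process identity is $FromUser to $ToUser, registering $ToUser as a managed
    # account first. $FromUser / $ToUser - account logins (DOMAIN\user).
    # Progress is written to the host; a service whose update fails is reported
    # as a warning and the scan continues with the next one.
    #Add SharePoint Snap-in
    if((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null)
    {
        Add-PSSnapin Microsoft.SharePoint.PowerShell;
        Write-Host "SharePoint PowerShell Snap-In added";
    }
    if([string]::IsNullOrEmpty($FromUser) -or [string]::IsNullOrEmpty($ToUser))
    {
        throw "Replace-SPServiceIdentity: both FromUser and ToUser are required"
    }
    $fromUserTrimmed = "$FromUser".Trim()

    #Make sure Service account is added
    Ensure-SPAccount $ToUser

    foreach ($ser in Get-SPServiceInstance)
    {
        $T = $ser.GetType()
        if($T.BaseType.Name -ne "SPWindowsServiceInstance") { continue }

        $identity = $ser.Service.ProcessIdentity
        if($identity -eq $null -or $identity.UserName -eq $null) { continue }

        # -eq is case-insensitive and, unlike -like, does not treat * ? [ in the
        # account name as wildcards, so only an exact account match is rewritten.
        if($identity.UserName.Trim() -eq $fromUserTrimmed)
        {
            Write-Host "Updating Service= "  $ser.TypeName
            try
            {
                $identity.UserName = $ToUser
                $identity.Update()
                $identity.Deploy()
            }
            catch
            {
                # Keep going: one service failing to deploy should not stop the others.
                Write-Warning "Failed to update service $($ser.TypeName): $($_.Exception.Message)"
            }
        }
    }
}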
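function ReplaceServiceAppsApplicationPoolIdentity($FromUser,$ToUser)
{
    # Switch every service application pool whose process account is $FromUser
    # to $ToUser, registering $ToUser as a managed account first.
    # $FromUser / $ToUser - account logins (DOMAIN\user). Progress is written to
    # the host; a pool whose update fails is reported as a warning and skipped.
    #Add SharePoint Snap-in
    if((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null)
    {
        Add-PSSnapin Microsoft.SharePoint.PowerShell;
        Write-Host "SharePoint PowerShell Snap-In added";
    }
    if([string]::IsNullOrEmpty($FromUser) -or [string]::IsNullOrEmpty($ToUser))
    {
        throw "ReplaceServiceAppsApplicationPoolIdentity: both FromUser and ToUser are required"
    }
    $fromUserTrimmed = "$FromUser".Trim()

    #Make sure Service account is added
    Ensure-SPAccount $ToUser

    #Replace service apps application pool identities
    foreach($appPool in Get-SPServiceApplicationPool)
    {
        # Guard a null/empty account name: calling .ToLower() on it would abort
        # the whole scan with "cannot call a method on a null-valued expression".
        $account = $appPool.ProcessAccountName
        if([string]::IsNullOrEmpty($account)) { continue }

        # -eq is case-insensitive and does not interpret wildcard characters.
        if($account.Trim() -eq $fromUserTrimmed)
        {
            Write-Host "Updating" $appPool.Name "..."
            try
            {
                Set-SPServiceApplicationPool $appPool -Account $ToUser -ErrorAction Stop
            }
            catch
            {
                # Keep going: one pool failing should not stop the others.
                Write-Warning "Failed to update application pool $($appPool.Name): $($_.Exception.Message)"
            }
        }
    }
}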
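function ReplaceWebAppsApplicationPoolIdentity($FromUser,$ToUser)
{
    # Switch the application pool of every web application that runs as
    # $FromUser to the managed account $ToUser, registering $ToUser first.
    # $FromUser / $ToUser - account logins (DOMAIN\user). Progress is written to
    # the host; a web app whose update fails is reported as a warning and skipped.
    #Add SharePoint Snap-in
    if((Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null)
    {
        Add-PSSnapin Microsoft.SharePoint.PowerShell;
        Write-Host "SharePoint PowerShell Snap-In added";
    }
    if([string]::IsNullOrEmpty($FromUser) -or [string]::IsNullOrEmpty($ToUser))
    {
        throw "ReplaceWebAppsApplicationPoolIdentity: both FromUser and ToUser are required"
    }
    $fromUserTrimmed = "$FromUser".Trim()

    #Make sure Service account is added
    Ensure-SPAccount $ToUser

    # Resolve the target managed account once; it is the same for every web app.
    $newAccount = Get-SPManagedAccount $ToUser
    if($newAccount -eq $null)
    {
        throw "ReplaceWebAppsApplicationPoolIdentity: managed account '$ToUser' not found"
    }

    #Replace web apps application pool identities
    foreach($WebApp in Get-SPWebApplication)
    {
        $appPool = $WebApp.ApplicationPool
        if($appPool -eq $null -or $appPool.ManagedAccount -eq $null) { continue }

        # Guard a null/empty user name rather than calling .ToLower() on it.
        $current = $appPool.ManagedAccount.UserName
        if([string]::IsNullOrEmpty($current)) { continue }

        # -eq is case-insensitive and does not interpret wildcard characters.
        if($current.Trim() -eq $fromUserTrimmed)
        {
            Write-Host "Updating '" $WebApp.Url "' web app application pool identity..."
            try
            {
                $appPool.ManagedAccount = $newAccount
                $appPool.Update()
            }
            catch
            {
                # Keep going: one web app failing should not stop the others.
                Write-Warning "Failed to update application pool of $($WebApp.Url): $($_.Exception.Message)"
            }
        }
    }
}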
  
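# ---- Configuration: edit these values before running ----
$OldUser = "rk\spmanagedac1"   # managed account being replaced (DOMAIN\user)
$NewUser = "rk\spmanagedac1"   # managed account taking over (DOMAIN\user)
# Only UpdateFarmCredentials needs the password. Do not keep it in this file:
# leave it empty here and let the (commented) prompt below ask for it at run
# time if you enable that call.
$NewUserPassword = ""

# Refuse to run with the placeholder values: replacing an account with itself
# would only re-deploy every service and pool identity for no effect.
if($OldUser -eq $NewUser)
{
    throw "OldUser and NewUser are the same account ('$OldUser'); edit the configuration block first."
}

#if([string]::IsNullOrEmpty($NewUserPassword)) { $NewUserPassword = Read-Host "Password for $NewUser" }
#UpdateFarmCredentials $OldUser $NewUserPassword
Replace-SPServiceIdentity $OldUser $NewUser
ReplaceServiceAppsApplicationPoolIdentity $OldUser $NewUser
ReplaceWebAppsApplicationPoolIdentity $OldUser $NewUser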
