When creating these service accounts, for various reasons, we typically create a domain account in Active Directory and configure it such that the passwords do not expire. As well, we find that the passwords for these service accounts typically are not changed often. However, there are circumstances in which the password for the SharePoint 2013 farm account must be changed.
- One example of such a circumstance is if we suspect that the farm account has been compromised by a malicious user.
- Another example is when consultants, such as myself, are brought in to deploy new SharePoint 2013 environments. Once that deployment process is complete and the client is happy with the environment, rightfully so, the client typically wants to take complete control of the environment and restrict farm admin level access to only a small set of internal employees - essentially they want to prevent the consultants that deployed the environment from continuing to have farm administrative level access.
Changing the SharePoint 2013 farm account is a manual process. Its not something that is done often, so people often aren't sure which steps are required to ensure that it has been changed in all required locations. Always be sure to test this process in a TEST SharePoint 2013 environment and monitor that environment for a period of time before performing this process in a PRODUCTION environment. Your SharePoint 2013 farm may be configured differently that other standard configurations and your process may require extra steps.
For a standard SharePoint 2013 farm, the following are the steps required for modifying the SharePoint 2013 farm account:
- The farm administrator account must be made a local administrator on the server hosting the user profile service during the password change.
- Once that step is complete, launch SharePoint Central Admin, navigate to System Settings and click ‘Manage Services on Server’. This page is used to start and stop services on each machine in the farm. Select the machine hosting the user profile service and find that service. It should say started.
- Stop the service.
- Start the service again – when starting the script you’ll be asked for the new password
- Ensure that you monitor the user profile service and ensure that the service starts correctly.
- Once started, you may remove the farm administrator account as a local administrator. However, we often recommend leaving it as a local admin on the server for simplicity of making such changes in the future.
- Launch SharePoint Central Admin, click Application Management in the left hand menu, click Manage Service Applications, click the Secure Store Application and click Manage Target Applications.
- Select a single Target Application from the list.
- In the Credentials group on the ribbon, click Set. This opens the Set Credentials for Secure Store Target Application dialog box. If any target application uses the farm administrators account, change the password here.
- Repeat this process for all secure store applications.
- Note: Be cautious when entering the password. If a password is entered incorrectly, no message will be displayed about the error. Instead, you'll be able to continue with configuration. However, errors can occur later, when you attempt to access data through the BCS. If the password for the external data source is updated, you have to return to this page to manually update the password credentials.
Please let me know if you have any questions or comments about this process. There may be other services that have been configured with the farm administration account, so your process may vary somewhat, but typically the farm administrator account is reserved for specific purposes. As a best practice, due to its high level of access, the farm administrator account should not be used widely other than for the purposes in which it was designed.
-Antonio
This comment has been removed by a blog administrator.
ReplyDeleteI've been reading up on different sites about this process and some places metion running the stsadm updatefarmcredentials and then an iisreset after going through these steps. Thoughts?
ReplyDeleteWell, stsadmn may work but it was deprecated in SharePoint 2016 and we have been recommended to move off of it since SharePoint 2013 was released. So I would not recommend using it. Its still there and may very well work, but we should really stop using stsadm (and start moving to PowerShell, and unfortunately PowerShell does not have an equivalent command). As well, an IIS Reset may work, but I have always rebooted each server in the farm when making such a change. This is a fundamental change and I would be concerned about all services (windows services and SharePoint services) that rely on the farm service account credentials all getting appropriately updated at the same time. HTH
ReplyDeleteHi Antonio.
DeleteI am new to Sharepoint, i got one project of sharepoint, where i need to install SharePoint & configure DMS (Document Management System).
i dont have any idea about SharePoint.
Project Details:-
1.Installing SP
2. Confiogure DMS
3. Intergrate existing EMS file share storage to SP & migrate all the Data to SP.
4. File share carrying NTFS permission should also move to SP (Is that Possible)
please mail me the step by step for successfully completing this above project.
my email id :- Happen0608@hotmail.com
Hi Antonio,
ReplyDeleteGreat post... In our case we are using same service accounts in our content farm and shared services farm( search, UPA etc..). Can you suggest best way of changing password in these situations please..
Many thanks in advance.
This comment has been removed by a blog administrator.
ReplyDeleteHave tried to reply to this a couple of times, but blogger keeps giving me issues. I would first ask where did you see this error? Is it on the Configure Managed Accounts page? I would suggest you check the farm service account in AD to see if its configured so that the password cannot be changed. You may have to perform the initial password change there. Also, I wrote an update to this post a few months later, which you can find here: http://www.trustsharepoint.com/2015/10/updated-changing-sharepoint-2013-farm.html. Hope that helps.
DeleteThis comment has been removed by the author.
ReplyDeleteHI,
ReplyDeleteI need to know before changing the password at farm level, do we need to change the same at Ad and SQL level also?
Will someone please tell me why Microsoft design their servers and services so that every change requires a reboot.
ReplyDeleteThis will allow to enter the password for the managed account. This command is the same used to set the password. You will see a screen similar to the below where you will manually enter the gmail recovery
ReplyDeleteYour articles make whole sense of every topic. best password manager
ReplyDeleteThanks for sharing nice information with us. I like your post and all you share with us is up to date and quite informative, I would like to bookmark the page so I can come here again to read you, as you have done a wonderful job. https://digitogy.com
ReplyDeleteIt is an informative post.
ReplyDeleteOnce enact these changes in online security protocols, anyone will be able to rest easier knowing that. The World Wide Web is a safe place for use Random Password Generator Tool to do business and build friendships. Do not make the mistakes that far too many others have.
ReplyDeletehttps://www.blogger.com/blogger.g?blogID=3819955091250525446#editor/target=post;postID=7828229774633764180
ReplyDeleteIf you have typed the wrong password, you'll receive a message that says your user name or password is incorrect. When this message appears, click OK. reset windows 10 password
ReplyDeleteAfter a year, analysing all kinds of diets, finally understood that we should eat normal foods that are grown locally from our native home town... no packed or imported foods. This is the trick but nobody ill like this comment!! factory inc hack
ReplyDeleteAmazing post! I appreciate your hard work. Thank you for sharing. I have also share some use full information.
ReplyDeleteDrone pro review
mosquitron reviews
eco beat earphones review
Coolair review
Coolair air cooler review
For SP2016 environment, could we simply skip the part about User Profile service? Since there is no user profile sync service in sp2016.
ReplyDeleteYou are the smartest, you are much louder and I hope you give me a heart zero city zombie shelter survival hack
ReplyDeleteit's working fine for me! Thank you for sharing this with us dominations hack
ReplyDeleteFossil watches in india
ReplyDeleteBest Front Load Washing Machines
Vaseline Body Lotion in India 2020
Best Refrigerators in India
Best Portable speaker in India
Canon DSLR camera in India
Best Refrigerator Under 20000 in India 2020
Can I simply say what a comfort to find someone that genuinely understands what they are talking about on the internet. You certainly realize how to bring an issue to light and make it important. More and more people should check this out and understand this side of the story. It's surprising you aren't more popular given that you certainly have the gift.
ReplyDeleteKBC Lottery Winner 2019 25 Lakh List
kbc Lottery Winner 2020 List Today
Kbc Head Office Whatsapp Number Mumbai
KBC Lottery Number Check
KBC Winner List 25 Lakh
Kbc Head Office Real Number
That is very helpful for increasing my knowledge in this field. hulu account generator
ReplyDeleteThis awesome blog meets and succeeds the expectation of the readers. I thank you for sharing this remarkable work and it is note worthy. Web Designing Course Training in Chennai | Web Designing Course Training in annanagar | Web Designing Course Training in omr | Web Designing Course Training in porur | Web Designing Course Training in tambaram | Web Designing Course Training in velachery
ReplyDeleteThis is really very nice post you shared, i like the post, thanks for sharing..
ReplyDeleteData Science Course
The best article I came across a number of years, write something about it on this page. look at here
ReplyDeleteMua vé máy bay tại Aivivu, tham khảo
ReplyDeletesăn vé máy bay giá rẻ đi Mỹ
giá vé máy bay từ mỹ về việt nam
đặt vé từ nhật về việt nam
vé máy bay từ canada về việt nam
This is a great post I saw thanks to sharing. I really want to hope that you will continue to share great posts in the future.
ReplyDeleteData Science Training in Hyderabad
Data Science Course in Hyderabad
Cool stuff you have and you keep overhaul every one of us
ReplyDeletedata science training in malaysia
Really nice and interesting post. I was looking for this kind of information and enjoyed reading this one. Keep posting. Thanks for sharing. minecraft account generator free
ReplyDeleteGenerally, many companies create service accounts for specific purposes; I just dug up a new SharePoint 2013 farm and found it very useful. Thank you so much for making this so informative. Buy Dissertation Online
ReplyDeleteสุดยอด pg slot สุดฟิน เป็นเกมใหม่ ปัจจุบัน เกมยอดนิยม และก็นิยม เล่นกันเยอะๆโดยยิ่งไปกว่านั้นในฝั่งทางทวีปเอเชีย ของพวกเราโดยเกม pg slot จะเด่นในด้าน ของตัวเกม ระบบนำสมัย
ReplyDeleteThis is a very useful post for me. This will absolutely be going to help me in my project.
ReplyDelete<a href="https://360digitmg.com/course/certification-program-on-full-stack-web-developer”>full stack development course</a>
would like to be part of us at Try Slots ทดลองเล่นสล็อต https://www.pgslot168game.com/pgslot-demo/ that has brought many demos of slot games from abroad to be able to play to the fullest, with only good games, popular games to play all day without Stumbling along with beautiful graphics that are pleasing to the eye and will play good luck to play game slot.
ReplyDeleteAmr Helmy Company is known for the best modern designs kitchens in all parts of Egypt because it has a fleet of specialists with great experience in the field and the company undertakes to implement the required of them on time with the highest quality
ReplyDeleteGreat! I have been looking for this type of post. It would be helpful for us, Thank you! best data science training in Delhi
ReplyDeleteThis webinar will leverage real-world experience to help you develop a particular Manufacturer & Exporter of knitware Garments action list that can be used to maximise user experience and boost user adoption.
ReplyDelete