如何使用 PowerShell 變更 SharePoint 服務帳號密碼
[以下的內容參考自以下的文件]
SharePoint 2013: Service Accounts, https://social.technet.microsoft.com/wiki/contents/articles/14500.sharepoint-2013-service-accounts.aspx
Configure automatic password change in SharePoint 2013, https://technet.microsoft.com/en-us/library/ff724280(v=office.15).aspx
Add-PSSnapin Microsoft.SharePoint.PowerShell
Set-Alias -Name stsadm -Value $env:CommonProgramFiles"\Microsoft Shared\Web Server Extensions\15\BIN\STSADM.EXE"
$farmServiceAcct = "sl\sp_farm" # Farm Service Account $contentAccess = "sl\sp_farm" # Content Access Account $profilesyncAcct = "sl\sp_farm" # Profile Sync Account $password = "Passw0rd" $securePwd = $password | ConvertTo-SecureString -AsPlainText -Force $SSAName = "Search Service Application" # Search Service Application Name $syncMachine = Get-SPServer "SLSP13" # Profile Sync Server $UPAName = "User Profile Service Application" # User Profile Service Application Name
# Add Managed accounts pairs in following variable $managedAccts = @(("sl\sp_farm", "Passw0rd"), ("sl\sp_farm1", "Passw0rd1"), ("sl\sp_farm2", "Passw0rd2"), ("sl\sp_farm3", "Passw0rd3"), ("sl\sp_farm4", "Passw0rd4"))
# Change all managed account to the same password
foreach($a in $managedAccts) { $securePwd = $a[1] | ConvertTo-SecureString -AsPlainText -Force Set-SPManagedAccount -Identity $a[0] -ExistingPassword $securePwd -confirm:$false }
# Change Search Service Application Default Content Access Account to the same $SSA = Get-SPEnterpriseSearchServiceApplication $SSAName Set-SPEnterpriseSearchServiceApplication -Identity $SSA -DefaultContentAccessAccountName $contentAccess -DefaultContentAccessAccountPassword $securePwd Write-Host "- Change content access account" $contentAccess "password" -ForegroundColor "Green"
# Change User Profile Sync Account $profApp = Get-SPServiceApplication | where {$_.Name -eq $UPAName}
if ($syncMachine.Address -eq $env:ComputerName) { $syncSvc = Get-SPServiceInstance -Server $env:ComputerName | where {$_.TypeName -eq "User Profile Synchronization Service"} $syncSvc.Status = [Microsoft.SharePoint.Administration.SPObjectStatus]::Provisioning $syncSvc.IsProvisioned = $false $syncSvc.UserProfileApplicationGuid = $profApp.Id $syncSvc.Update() $profApp.SetSynchronizationMachine($syncMachine.Address, $syncSvc.Id, $profilesyncAcct, $password) Write-Host "- Change user profile account" $profilesyncAcct "password" -ForegroundColor "Green" }
if ($syncSvc.Status -ne "Online") { Write-Host "Starting User Profile Synchronization Service..." -ForegroundColor "Green" Start-SPServiceInstance $syncSvc }
# Reapply service account $svc = Get-SPServiceInstance
foreach($s in $svc) { $pi = $s.Service.ProcessIdentity if($pi.CurrentIdentityType -eq "SpecificUser" -and $s.Service.Name -ne "") { Write-Host "- Update service" ($s.Service.Name) "process identity" $pi.Update() $pi.Deploy() } }
# Reapply the application pools without change identity $webapps = Get-SPWebApplication foreach($w in $webapps) { $w.ProvisionGlobally() $w.Update() }
# Reapply the service application pools without change identity $serviceAppPools = Get-SPServiceApplicationPool foreach($sap in $serviceAppPools) { Set-SPServiceApplicationPool $sap.Name -Account $sap.ProcessAccount }
# Change farm service account, must run this command on Central Admin Server stsadm -o updatefarmcredentials -userlogin $farmServiceAcct -password $password Write-Host "- Change farm supdatefarmcredentials ervice account" $profilesyncAcct "password" -ForegroundColor "Green"
<# Run this command on other server except to CA stsadm -o updatefarmcredentials -userlogin $farmServiceAcct -password $password -local Write-Host "- Change farm service account" $profilesyncAcct "password" -ForegroundColor "Green" #>
IISRESET /NOFORCE
<# If there is a timer conflict on account update, please run following command to clear the old timer job $tj = Get-SPTimerJob -Identity "job-admin-apppool-change" $tj.Delete() or clear Timer Cache in C:\ProgramData\Microsoft\SharePoint\Config #> |
執行結果:
PS C:\Windows\system32> C:\SPS\ChangePassword_v2.ps1 - Change managed account sl\sp_farm with password: System.Security.SecureString - Change managed account SL\SecureStore with password: System.Security.SecureString - Change content access account sl\sp_farm password - Change user profile account sl\sp_farm password Starting User Profile Synchronization Service...
TypeName Status Id -------- ------ -- User Profile Synchronization ... Provi... 00b7ceb3-b4ad-44b4-8b19-e9fbf45776e6 - Update service SPSearchHostController process identity - Update service FIMSynchronizationService process identity - Update service SPUserCodeV4 process identity - Update service AppFabricCachingService process identity
Name : AppServiceAppPool ProcessAccount : S-1-5-21-3992576262-2661612169-393204158-500 TypeName : Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool DisplayName : AppServiceAppPool Id : 11b54e6a-de68-4194-8235-0f4069a374f4 Status : Online Parent : SPIisWebServiceSettings Name=SharePoint Web Services Version : 811817 Properties : {} Farm : SPFarm Name=SP13_Config UpgradedPersistedProperties : {} ProcessAccountName : SL\Administrator
Name : ExcelServiceAppPool ProcessAccount : S-1-5-21-3992576262-2661612169-393204158-1119 TypeName : Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool DisplayName : ExcelServiceAppPool Id : ea7ca61f-e1fa-4d4f-8e0d-e33e63d34aba Status : Online Parent : SPIisWebServiceSettings Name=SharePoint Web Services Version : 811841 Properties : {} Farm : SPFarm Name=SP13_Config UpgradedPersistedProperties : {} ProcessAccountName : SL\ExcelAppPool
Name : SecureStoreSeriveAppPool ProcessAccount : S-1-5-21-3992576262-2661612169-393204158-1118 TypeName : Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool DisplayName : SecureStoreSeriveAppPool Id : 6424305e-eceb-44f2-beed-c3de55da9295 Status : Online Parent : SPIisWebServiceSettings Name=SharePoint Web Services Version : 811867 Properties : {} Farm : SPFarm Name=SP13_Config UpgradedPersistedProperties : {} ProcessAccountName : SL\SecureStore
Name : SecurityTokenServiceApplicationPool ProcessAccount : S-1-5-21-3992576262-2661612169-393204158-500 TypeName : Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool DisplayName : SecurityTokenServiceApplicationPool Id : 0cea9e2d-b52d-4b1e-975b-852b40e88a78 Status : Online Parent : SPIisWebServiceSettings Name=SharePoint Web Services Version : 811887 Properties : {} Farm : SPFarm Name=SP13_Config UpgradedPersistedProperties : {} ProcessAccountName : SL\Administrator
Name : SharePoint Service Application ProcessAccount : S-1-5-21-3992576262-2661612169-393204158-500 TypeName : Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool DisplayName : SharePoint Service Application Id : de33617d-85b4-4967-b4fb-09752a1a7606 Status : Online Parent : SPIisWebServiceSettings Name=SharePoint Web Services Version : 811907 Properties : {} Farm : SPFarm Name=SP13_Config UpgradedPersistedProperties : {} ProcessAccountName : SL\Administrator
Name : SharePoint Web Services System ProcessAccount : S-1-5-21-3992576262-2661612169-393204158-500 TypeName : Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool DisplayName : SharePoint Web Services System Id : f6c612e5-e955-4e60-9b87-6f7c9a39b9f6 Status : Online Parent : SPIisWebServiceSettings Name=SharePoint Web Services Version : 811931 Properties : {} Farm : SPFarm Name=SP13_Config UpgradedPersistedProperties : {} ProcessAccountName : SL\Administrator
作業成功 input 完成 - Change farm service account sl\sp_farm password 正在嘗試停止... 網際網路服務已順利停止 正在嘗試啟動... 網際網路服務已順利重新啟動 |