Changing password through CA for any managed account
https://sharepoint.stackexchange.com/questions/171993
-
07-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDomanda
Does changing password through Central Administration for any managed account (like my farm admin account) also sync and update the password in AD? If we change password for a managed account in AD then definitely we need to update the same password in Central Admin for that managed account. But what happens in case when we directly create a new password in Central Admin for a managed account? Does this updates the password in AD?
What if SharePoint Administrator sets Enable automatic password change on the Configure Managed Accounts page in Central Admin? Also this option updates the managed account password in AD automatically?
Soluzione
Answer is Yes, once you configure the Automatic password change it will update the AD as well as SharePoint( IIS etc).
As per my experience and dealing with this process since launched. I highly recommend that dont configure the FarmAdmin account automatic due to following reason.
- If you have User Profile service configured then you know, for sync it is using the farm admin account. their is no way in SharePoint managed password that update password for sync connection. So, SharePoint on a day change the password for Farm admin and then you sync will stop working.
- Farm admin account used in different services, i.e central admin app pool, timer service, admin service etc on all server in the farm. If anything happen during the password change( if you have multiple server farm) like network glitchs, timer service stop etc then this change will not go throw and now you will be in trouble.
App Pools accounts are ok, but farm admin should not be automatic as per my experince but if you have single server farm then fine.
http://blogs.msdn.com/b/charliechirapuntu/archive/2013/01/18/10385512.aspx
Altri suggerimenti
Sure it does change account password. There is no need to say 'password in AD' cause there is no separate thing like 'password in SP'. As long as it's AD thing, this is subject to domain policies - complexity, expiration, uniqueness and so on. Some admins gather all SP accounts in special OU in AD, and apply no-expiry GPO.
One of the finest and earliest articles about this feature I've seen is http://blogs.technet.com/b/seanearp/archive/2011/01/25/updating-passwords-on-sharepoint-2010.aspx - might be useful
