As I did not know the details, I closed after a few guesses/changing the default account.
This new feature is a great benefit to SharePoint administrators and security-conscious admins in general: it allows us to easily enforce our corporate security policies by changing these passwords on a schedule. The administrators don’t even know what the password is, so the likelihood of a compromise due to a disgruntled admin, though not eliminated, is somewhat reduced.
But the introduction of this new feature isn’t all good.
When I run on our new domain (Windows 2008 domain controller), it gives me a "General Access Denied" error when I hit the CommitChanges statement. Maybe it does not have permissions to Active Directory.
If I add my login credentials to the DirectoryEntry connection... Obviously I don't want to keep login credentials hard-coded (or in the app.config)... Sample Code: This version works on old domain, but failed on new domain DirectoryEntry tmpADEntry = new DirectoryEntry(ADResult. But it would appear to have permissions since you can provide them in that one example and have it work.
How can I change the account of the app pool, but also change all of the other service accounts?
The credentials used for the account [name] expired on 1/9/2010 PM, and need to be updated.
As previously noted there is no cmdlet for creating Application Pools for Web Applications.
Instead what you need to do is first check if the Application Pool you need already exists by using the cmdlet, otherwise pass in the name and the Managed Account to use as the Application Pool’s identity: When it comes to applying non-managed accounts to the various features things get a little more complicated. For SharePoint Foundation Search we can set the crawl account (or content access account) using Central Admin by navigating to the Services on Server page and clicking the SharePoint Foundation [Help] Search link which takes you to the settings page where we can set the crawl account: To set the same information using Windows PowerShell we actually have to go old-school and use STSADM as there’s no PowerShell equivalent cmdlet.
The following lists what I’ve come across so far (if I’ve missed anything please leave a comment so I can update these lists): Managed Service Accounts: Configure managed accounts: You can edit the settings for any managed account by simply clicking the edit icon associated with the account you wish to modify.
Once on the Manage Account screen you can configure the automatic password change settings: To perform the same tasks using Windows PowerShell we can use the to prompt for the password so that it is not hard coded anywhere): Once you have your Managed Accounts created you can begin to use them for things such as Service Instances and Service and Content Application Pools.
The complication comes from the fact that SharePoint 2010 doesn’t implement this capability consistently.