Note If the SQL Server service uses a domain account, and the password for that domain account is either expired or invalid, make sure that you update the password for the domain account before you perform this procedure.
Update the password for the account that is used by the Central Administration application pool. To do this, follow these steps:
On all servers in the server farm, open a command prompt, type the following line, and then press ENTER:
cd %commonprogramfiles%\Microsoft Shared\Web server extensions\12\Bin
On the server that hosts the Central Administration Web site, type the following line at the command prompt, and then press ENTER:
stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword
On all other servers in the server farm, type the following line at the command prompt, and then press ENTER:
stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword -local
Restart Microsoft Internet Information Services (IIS) 6.0. To do this, type the following line at the command prompt, and then press ENTER:
iisreset /noforce
Verify that the Administration Application Pool Credential Deployment job definition is no longer displayed on the Timer Job Definitions page of SharePoint 3.0 Central Administration. To do this, follow these steps:
Open SharePoint 3.0 Central Administration, click Operations, and then click Timer job definitions under Global Configuration.
Verify that the Administration Application Pool Credential Deployment job definition is no longer displayed in the list.
Note If the Administration Application Pool Credential Deployment job definition is displayed in the list, wait until it disappears from the list.
Update the password for the application pool account that is used by Web applications on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm -o updateaccountpassword -userlogin DomainName\UserName -password NewPassword -noadmin
Update the password for the account that is used to run the Windows SharePoint Services Help Search service. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o spsearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword
Update the password for the default content access account that is used by the Windows SharePoint Services Help Search service. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o spsearch -farmcontentaccessaccount DomainName\UserName -farmcontentaccesspassword NewPassword
If you are running SharePoint Server 2007, you must also follow these steps:
Update the password for the account that is used by every Shared Services Provider (SSP) on the server farm. To do this, type the following line at a command prompt on every server on the server farm, and then press ENTER:
stsadm.exe -o editssp -title SharedServicesProviderName -ssplogin DomainName\UserName -ssppassword NewPassword
Update the password for the account that is used to run the Office SharePoint Server Search service. To do this, type the following line at the command prompt, and then press ENTER:
stsadm.exe -o osearch -farmserviceaccount DomainName\UserName -farmservicepassword NewPassword
If the server farm is configured to use single sign-on, update the password for the account that is used by the Microsoft Single Sign-On Service. To do this, follow these steps:
Click Operations in SharePoint 3.0 Central Administration, and then click Service accounts under Security Configuration.
Under Windows service, click Single Sign-On Service.
Under Configurable, specify the password, and then click OK.
Update the password for the default content access account that is used by the Office SharePoint Server Search service. To do this, follow these steps:
Open SharePoint 3.0 Central Administration, and then click the link to the SSP Web application under Shared Services Administration.
Under Search, click Search settings, and then click Default content access account.
Specify the password to use for the content access account, and then click OK.
Sample script
The following script is an example of how you can use the previous procedure to create a batch file that automates password changes. Use the following syntax to run the script:
FileName.bat DomainName\UserName NewPassword
@echo off
rem other app pools
echo *** Updating app pool passwords
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o updateaccountpassword -userlogin %1 -password %2 -noadmin
rem central admin
echo *** Updating Central Admin password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o updatefarmcredentials -userlogin %1 -password %2
rem ssp - new
echo *** Updating ssp password for new installs
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o editssp -title "SharedServices1" -ssplogin %1 -ssppassword %2
rem ssp - upgrade
echo *** Updating ssp password for upgraded installs
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o editssp -title "Default Web Site" -ssplogin %1 -ssppassword %2
rem osearch
echo *** Updating osearch password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o osearch -farmserviceaccount %1 -farmservicepassword %2
echo *** MANUAL UPDATE NEEDED. To update the password, visit the SSP Web application page, click Search Settings, and then click Default Content Access Account.
rem spsearch
echo *** Updating spsearch password
"%commonprogramfiles%\Microsoft Shared\Web server extensions\12\BIN\Stsadm.exe" -o spsearch -farmserviceaccount %1 -farmservicepassword %2
echo *** Updating spsearch content access account
"%commonprogramfiles%\Microsoft Shared\web server extensions\12\BIN\stsadm.exe" -o spsearch -farmcontentaccessaccount %1 -farmcontentaccesspassword %2
rem restarting IIS
echo *** Doing soft restart of IIS
iisreset /noforce
echo on
Modify the script to include the correct names of each SSP in the server farm. If the server farm is configured to use single sign-on, you must also use the sc config command.
Back to the top
How to update the SharePoint Server 2007 password when SharePoint Server 2007 is installed in a least-privileges configuration
Method 1: Start the SPAdmin service
Start the SPAdmin service on all computers in the farm before you update the password. Stop the service when the operation is complete.
Method 2: Add the database access account to the local administrators group
Add the database access account to the local administrators group of each computer in the farm that has an online search instance. Log on by using that account, and then update the password by using the stsadm command.
When this operation is complete, remove the database access account from the local administrators group of each computer.
