In a previous post I showed how to install SharePoint without having a domain account (obviously for testing purposes) and a reader – Yes, I have some – asked how to change that to a domain account afterwards. This also applies to changing from a domain account to another domain account !
Here is how:
Before changing the farm account run this check list to avoid surprises
- Is the farm admin account also the service account <—trouble ahead
- Is the farm admin account also the SQL Service account <—more trouble ahead
- If the farm admin account is used for running App Pool on IIS this can be a problem
- Deploying solution as an administrator requires that you have the farm admin account
- The farm admin account is (usually) local administrator on all the SharePoint servers in the farm
- Farm admin account is also db_owner, db_creator on all WSS content databases
Launch the central administration – logged on as a the setup farm account and navigate to Security –> Configure Service Accounts. In the drop down pick the farm account and take a not of the name of the existing farm account.
Click on Register new managed account and fill in the form with the domain account you want to register.
You can also have SharePoint helping you with password renewal notification – but your service account is hopefully one with a never changing password.
This can also be done with PowerShell:
$appPoolUserName = "<domain><user_name>" $appPoolCred = Get-Credential $appPoolUserName New-SPManagedAccount -Credential $appPoolCred
Then update the farm account starting on the Central Administration server and then on each of the SharePoint servers in the farm..
Start a command prompt in elevated mode and type the following command :
stsadm.exe –o updatefarmcredentials –userlogin <domain><user_name>” –password <password>
then run iisreset /noforce
remember to do that first on the CA server and the on the remaining servers.
After that you need to update the security groups on each server in the farm following these rules:
Start –> administrative tools –> Computer management
Expand System Tools –> Local users and groups –> Groups
Set the permissions as below:
ADMINISTRATORS – add the new farm account.
WSS_WPG – add the new farm account.
WSS_ADMIN_WPG – add the new farm account.
Once it’s done you need to update the account as the Farm account on SharePoint
You will probably also need to update the following accounts:
- Windows Service – Microsoft SharePoint Foundation Sandboxed Code Service
- Windows Service – User Profile Synchronization Service
- Windows Service – Web Analytics Data Processing Service
- Service Application Pool – SecurityTokenServiceApplicationPool
- Service Application Pool – SharePoint Web Services System
After that remember to clean up and remove the old unused account and confirm that the settings have been updated on each server in the farm.
Happy SharePointing !!