- Central administration
- Timer service
- Service applications
- Application pools
To synchronize passwords automatically you can register managed accounts and configure SharePoint Foundation to change the managed accounts’ passwords according to a schedule. SharePoint Foundation automatically generates a new password, updates the password in Active Directory Domain Services (AD DS), and propagates the changes to other servers in the farm
To simplify password management, the automatic password change feature enables you to update and deploy passwords without having to perform manual password update tasks across multiple accounts, services, and Web applications.
You can configure the automatic password change feature to determine if a password is about to expire and reset the password using a long, cryptographically-strong random string.
To implement the automatic password change feature, you have to configure managed accounts.
1.1) Configuring managed accounts by Central Administration
.1 Verify that the user account that is performing this procedure is a site collection administrator.
.2 On the Central Administration Web site, select Security.
.3 Under General Security, click Configure managed accounts.
.4 On the Managed Accounts page, click Register Managed Account.
.5 In the Account Registration section of the Register Managed Account page, enter the service account credentials.
.6 In the Automatic Password Change section, select the Enable automatic password change check box to allow SharePoint Foundation 2010 to manage the password for the selected account. Next, enter a numeric value that indicates the number of days prior to password expiration that the automatic password change process will be initiated.
.7 In the Automatic Password Change section, select the Start notifying by e-mail check box, and then enter a numeric value that indicates the number of days prior to the initiation of the automatic password change process that an e-mail notification will be sent. You can then configure a weekly or monthly e-mail notification schedule.
.8 Click OK.
2.2) Configure automatic password change settings by Central Administration
1) Verify that the user account that is performing this procedure is a site collection administrator.
2) On the Central Administration Web site, click Security.
3) Under General Security, click Configure password change settings.
4) In the Notification E-Mail Address section of the Password Management Settings page, enter the e-mail address of an individual or group to be notified of any imminent password change or expiration events.
5)If automatic password change is not configured for a managed account, enter a numeric value in the Account Monitoring Process Settings section that indicates the number of days prior to password expiration that a notification will be sent to the e-mail address configured in the Notification E-Mail Address section.
6)In the Automatic Password Change Settings section, enter a numeric value that indicates the number of seconds that automatic password change will wait (after notifying services of a pending password change) before initiating the change. Enter a numeric value that indicates the number of times a password change will be attempted before the process stops.
7) Click OK.
2.3) Troubleshooting automatic password change
2.3.1)To correct for a password mismatch
- Verify that you meet the following minimum requirements (http://technet.microsoft.com/en-us/library/ff607596.aspx)
- On the Start menu, click All Programs.
- Click Microsoft SharePoint 2010 Products.
- Click SharePoint 2010 Management Shell.
- From the Windows PowerShell command prompt, type the following ENTER:
2.3.2) To resolve a service account provisioning failure
a) If service account provisioning or re-provisioning fails on one or more servers in the farm, check the status of the Timer Service. If the Timer Service has stopped, restart it.
Consider using the following Stsadm command to immediately start Timer Service administration jobs:
stsadm -o execadmsvcjobs
b) If restarting the Timer Service does not resolve the issue, use Windows PowerShell to repair the managed account on each server in the farm that has experienced a provisioning failure
- Verify that you meet the following minimum requirements
- (http://technet.microsoft.com/en-us/library/ff607596.aspx)
- On the Start menu, click All Programs.
- Click Microsoft SharePoint 2010 Products.
- Click SharePoint 2010 Management Shell.
- From the Windows PowerShell command prompt, type the following:
c) If the preceding procedure does not resolve a service account provisioning failure, it is likely because the farm encryption key cannot be decrypted.
If this is the issue, use Windows PowerShell to update the local server pass phrase to match the pass phrase for the farm.
- Verify that you meet the following minimum requirements: (http://technet.microsoft.com/en-us/library/ff607596.aspx)
- On the Start menu, click All Programs. Click Microsoft SharePoint 2010 Products.
- Click SharePoint 2010 Management Shell.
- From the Windows PowerShell command prompt, type the following
2.3.3) Imminent password expiration: - If the password is about to expire, but automatic password change has not been configured for this account, use Windows PowerShell to update the account password to a new value that can be chosen by the administrator or automatically generated. After you have updated the account password, make sure the Timer Service is started and the Administrator Service is enabled on all servers in the farm. Then, the password change can be propagated to all of the servers in the farm.
- Verify that you meet the following minimum requirements: (http://technet.microsoft.com/en-us/library/ff607596.aspx)
- On the Start menu, click All Programs. Click Microsoft SharePoint 2010 Products.
- Click SharePoint 2010 Management Shell.
- To update the account password to a new value chosen by the administrator, from the Windows PowerShell command prompt, type the following
0 To update the account password to a new automatically generated value, from the Windows PowerShell command prompt, type the following:
Set-SPManagedAccount [-Identity] <SPManagedAccountPipeBind> -AutoGeneratePassword $true
Note: - If you need to change the farm account to a different account, use the following Stsadm command:
stsadm.exe -o updatefarmcredentials –userlogin DOMAIN\username –password password
We have created a web part that allows user to change passwords in SharePoint: http://www.harepoint.com/Products/HarePointPasswordChange/Default.aspx
ResponderEliminar