Administrator Guide
Resetting service account passwords
This section describes how to rotate service account passwords by using the password reset script. It is important that you do this rotation
before service account passwords expire. Password expiration is controlled by your domain password policy settings. The Operations
Manager alert for password expiration is raised 14 days before passwords expire.
IMPORTANT: If service account passwords have already expired, complete the steps in the following section before you run the
password script.
Resetting expired service account passwords
Use the following instructions to reset and resynchronize your expired DHCS service account passwords with the Active Directory
environment. These instructions also help you restore full functionality to all the services that may be impacted after all account passwords
have expired. When expiration occurs, you might find that the SQL instances within the SQL cluster cannot start, and services that rely on
those instances, such as SCVMM, SCOM, and Azure, do not function properly. Follow these steps to restore functionality:
1 Find accounts that have expired, using the following command:
Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "Name", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "Name", @{Name="ExpiryDate"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Figure 51. Find expired accounts
2 Reset SQL service account password by doing the following:
a Launch Active Directory Users and Computers, and locate the SQL service account, <Prefix>-SVC-SQL.
b Right-click and select Reset Password to open a dialog where you can type a new password. Deselect User must change
password at next logon before clicking OK.
Figure 52. Reset Password dialog
c Open the Services console (services.msc), and connect to the first SQL cluster node, <Prefix>SQL01.
d Locate the SQL Instance services:
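For step 1 above, the following added example (not part of this guide) sorts accounts into expired, expiring within the 14-day alert window, and healthy. It also handles two values of msDS-UserPasswordExpiryTimeComputed that are not real dates: the maximum 64-bit value for accounts whose password does not expire, which [datetime]::FromFileTime rejects, and 0 for accounts that must change their password at next logon. The function name, account names and timestamps are assumptions made for illustration.

```powershell
# Added example: function name, account names and timestamps are constructed.
function Get-PasswordExpiryStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $WarningDays = 14,         # alert lead time stated in this section
        [datetime] $Now = (Get-Date)
    )
    process {
        $raw = [int64] $User.'msDS-UserPasswordExpiryTimeComputed'
        $expiry = $null
        if ($raw -eq [int64]::MaxValue) {
            $status = 'NeverExpires'     # sentinel value: FromFileTime would throw
        }
        elseif ($raw -eq 0) {
            $status = 'ChangeRequired'   # pwdLastSet is 0: change at next logon
        }
        else {
            $expiry = [datetime]::FromFileTime($raw)
            if ($expiry -le $Now) { $status = 'Expired' }
            elseif ($expiry -le $Now.AddDays($WarningDays)) { $status = 'ExpiringSoon' }
            else { $status = 'OK' }
        }
        [pscustomobject]@{ Name = $User.Name; ExpiryDate = $expiry; Status = $status }
    }
}

# Constructed sample objects standing in for Get-ADUser output.
$now = [datetime]'2024-06-01T09:00:00'
$sample = @(
    [pscustomobject]@{ Name = 'demo-svc-a'; 'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(-3).ToFileTime() }
    [pscustomobject]@{ Name = 'demo-svc-b'; 'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(10).ToFileTime() }
    [pscustomobject]@{ Name = 'demo-svc-c'; 'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(60).ToFileTime() }
    [pscustomobject]@{ Name = 'demo-svc-d'; 'msDS-UserPasswordExpiryTimeComputed' = [int64]::MaxValue }
    [pscustomobject]@{ Name = 'demo-svc-e'; 'msDS-UserPasswordExpiryTimeComputed' = [int64] 0 }
)
$sample | Get-PasswordExpiryStatus -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter {Enabled -eq $True} -Properties 'msDS-UserPasswordExpiryTimeComputed' |
#     Get-PasswordExpiryStatus | Where-Object Status -in 'Expired','ExpiringSoon','ChangeRequired'
```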