How to change service account passwords


  • murtazazm
    started a topic How to change service account passwords

    How to change service account passwords

    We have over 100 servers on our network. Some of the applications installed on these servers run as services which require a domain account to log on as a service. To compound the problem, some services are using different accounts across the servers.

    We now have a requirement to change their passwords. We are faced with the following problem.

    1. How to find out which service is running with which account on a server.

    2. Change the service account's password on that server after we change the password of the account.

    We are currently in a mixed mode with NT 4.0 and W2K3.

    Any help or pointers would be greatly appreciated.

    Thanks in advance.


  • guyt
    I am not able to access the archives of the mailing list, so I am attaching a script by Dean Wells that does most of the work:
    :: SVCcontext - Queries and lists all services on all servers within a specified domain running within a specified security context
    :: Dean Wells - MSEtechnology - Sept. 2002
    @echo off
    :: Delayed expansion is required for the !where! test below
    setlocal ENABLEDELAYEDEXPANSION
    :: Begin script body
    :: Define initial environment
    set fqdn=%1
    set dn=dc=%fqdn:.=,dc=%
    set principal=%2
    set scriptname=SVCcontext
    set log=%TEMP%\%scriptname%.log
    set stdout=nul
    set stderr=nul
    set found=0
    :: Determine if supplied arguments were sufficient
    if "%2"=="" (
    	echo ERROR - Insufficient arguments, "%*"
    	goto :SYNTAX
    )
    :: Define extreme SC query buffer to cope with unfamiliar environments
    set bufsize=50000
    :: Locate critical executables
    for %%e in (find.exe sc.exe ldifde.exe) do (
    	set where="%%~$PATH:e"
    	if "!where!"=="""" (
    		echo ERROR - Required executable, "%%e", not located within the path
    		goto :END
    	)
    )
    :: Cleanup existing temporary/log files and prepare log header
    del %TEMP%\servers.log 1>%stdout% 2>%stderr%
    del %log% 1>%stdout% 2>%stderr%
    echo %scriptname% log, "%log%" - >>%log%
    echo   * created by "%USERNAME%" at "%TIME%" on "%DATE%">>%log%
    echo   * servers in domain "%fqdn%" queried>>%log%
    echo   * queried for match or partial match on "%principal%" >>%log%
    echo/ >>%log%
    echo [[BEGIN LOG]] >>%log%
    echo/ >>%log%
    :: Determine servers to query
    ldifde -j %TEMP% -s %fqdn% -d %dn% -r (objectClass=computer) -l dnshostname -f %TEMP%\servers.log 1>%stderr% 2>%stderr%
    if errorlevel 1 (
    	echo ERROR - LDAP query failed enumerating server list
    	goto :SYNTAX
    )
    :: Prepare display
    echo STATUS - Working ...
    :: Parse the servers
    for /f "tokens=2 delims=: " %%h in ('type %TEMP%\servers.log ^| find /i "dnshostname: "') do (
    	call :GETSVCS %%h
    )
    :: Clean up display and display log
    if "%found%"=="1" (
    	echo/ >>%log%
    	echo STATUS - Done^^!
    	start "" notepad %log%
    ) else (
    	echo STATUS - No services located
    	echo          * Queried domain "%fqdn%"
    	echo          * Queried for match or partial match on "%principal%"
    )
    echo [[END LOG]] >>%log%
    :: Script body ends
    goto :END
    :: Define functions and procedures
    :: GETSVCS - list every service name on server %1
    :GETSVCS
    for /f "tokens=2 delims=: " %%s in ('sc \\%1 query state^= all bufsize^= %bufsize% ^| find "SERVICE_NAME"') do (
    	call :QUERYSVCS %1 %%s
    )
    goto :EOF
    :: QUERYSVCS - report service %2 on server %1 if its logon account matches
    :QUERYSVCS
    for /f "tokens=2 delims=: " %%p in ('sc \\%1 qc %2 ^| find "SERVICE_START_NAME"') do (
    	echo %%p | find /i "%principal%" 1>%stderr% 2>%stderr%
    	if not errorlevel 1 (
    		set found=1
    		echo + SERVICE %2, SERVER %1, CONTEXT %%p
    		echo + SERVICE %2 on SERVER %1 runs in the context of %%p >>%log%
    	)
    )
    goto :EOF
    :SYNTAX
    echo SYNTAX - %scriptname% [domain FQDN] [username]
    echo   * [domain FQDN] is the DNS domain name to query for servers
    echo   * [username] is the name or partial name of the service account
    echo     e.g. - %scriptname% Administrator
    echo  or ...
    echo     e.g. - %scriptname% MICROSOFT\Admin
    :: End script and perform necessary cleanup
    :END
    del %TEMP%\servers.log 1>%stderr% 2>%stderr%

    This is supposed to be the original post: (looks like our proxy does not like http on this port)


  • Greel
    You can see the account the service is running under in the services screen, last column (Log On As).

    To change the passwords, simply change the password on the domain controller, then go to the server services and get the properties of that service, go to the Log On Tab, and fill in the new password.

    That should do the trick.
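
One way to script both steps from this thread (find the services that log on with a given account, then store the new password after it has been changed on the domain controller). This is an added example, not code from any of the posters. It assumes Windows PowerShell 5.1 on an admin workstation and targets that answer WMI over DCOM; `servers.txt` and the account name are hypothetical placeholders.

```powershell
# Added example, not code from the thread. Assumes Windows PowerShell 5.1 and
# targets that answer WMI over DCOM. servers.txt is a hypothetical host list.
param(
    [Parameter(Mandatory)][string]$Account,   # full or partial name, e.g. EXAMPLE\svc-backup (placeholder)
    [string]$ServerList = '.\servers.txt',    # one host name per line
    [switch]$SetPassword                      # without this switch the script only reports
)

# Escape wildcard characters so the account name is matched literally.
$pattern = '*' + [WildcardPattern]::Escape($Account) + '*'
$servers = Get-Content -Path $ServerList | Where-Object { $_.Trim() }

$hits = foreach ($server in $servers) {
    try {
        # StartName is the "Log On As" column of the Services console.
        # PacketPrivacy encrypts the DCOM traffic, which later carries the password.
        Get-WmiObject -Class Win32_Service -ComputerName $server `
                      -Authentication PacketPrivacy -ErrorAction Stop |
            Where-Object { $_.StartName -like $pattern }
    } catch {
        # Report unreachable hosts so they are not mistaken for "no match".
        Write-Warning "$server not queried: $($_.Exception.Message)"
    }
}
$hits | Select-Object PSComputerName, Name, StartName, State |
    Format-Table -AutoSize | Out-Host

if ($SetPassword -and $hits) {
    # Prompt for the password so it stays out of command history and process listings.
    $secure = Read-Host -Prompt "New password for $Account" -AsSecureString
    $plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password
    foreach ($svc in $hits) {
        # Win32_Service.Change: the 8th argument is StartPassword; $null leaves a field unchanged.
        $rc = $svc.Change($null, $null, $null, $null, $null, $null, $null, $plain).ReturnValue
        $status = if ($rc -eq 0) { 'updated' } else { "failed, Win32_Service return code $rc" }
        Write-Output ("{0}\{1}: {2}" -f $svc.PSComputerName, $svc.Name, $status)
    }
    Remove-Variable plain
}
```

A running service keeps its existing logon session, so restart each updated service to confirm the stored password is accepted. Review the report from a run without `-SetPassword` first, because a partial account name can match more accounts than intended.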
