atlasdev

asked on

To update SQL service account password by using Active Directory User and Groups program

I have configured a domain user account named SQLService for the SQL server service. The SQLService account is in the Log On As tab of the SQL service in the service panel of the server. My concern now is that I cannot automatically update the password for this SQLService user account. I found that when I updated the password for SQLService account in the Active Directory, the new password would not apply to the passwords set in the service panels of the SQL servers in the domain.
Do I have to manually log on to each SQL server and update the password for the SQLService account?

ASKER CERTIFIED SOLUTION
MrAli
This solution is only available to members.
SOLUTION
This solution is only available to members.
Some security policies let you get away with setting a service account password 1 time and never changing it.  See if your company does, or if they will invest in a service account password management tool as part of AD suite, not sure if any really good ones exist.
SOLUTION
Scott Pletcher
This solution is only available to members.
atlasdev

ASKER

This is a security weakness of SQL 2008. I have security policies that I must follow and one of them requires me to change the password of a user account at least once annually.
It seems that if I want to enable SQL 2008 log shipping or other features which require me to use a user account as the service account, I must manually go to each server's config tool to update the password.

Atlasdev was asking about SQL Server "Service" account passwords needed to run the engine, not the internal server passwords used by the engine to grant access to objects.  As far as changing internal SQL Server passwords go, there are a lot of best practices, as you mentioned.
MrAli:

When you want to change the password for the domain account that runs the SQL Server service -- or any other SQL Server service, such as Reporting Services -- you should *always* use the SQL Config tool to do that.  Change the Account password in AD, then change it in the *SQL Server Config tool*, *not* in the *Windows* service tools.


Yes, unfortunately, when the pwd changes, you must go thru that process for changing the pwd in SQL.
Basically, I got confirmation that there is no solution to my question.
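
Added example, not part of the original thread: the second step of the advice above (change the password in AD, then in the SQL Server Config tool) can be run from one workstation through the SMO WMI classes instead of logging on to each server. The domain name, server names and the `ConvertTo-PlainText` helper are assumptions made for illustration; the SQL Server management objects must be installed where the script runs, and the caller needs administrative rights on each target.

```powershell
# Added example: update the stored service password on several SQL Servers
# after the account's password has been changed in Active Directory.
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SqlWmiManagement')

$account = 'CONTOSO\SQLService'   # placeholder domain; account name from the question
$servers = 'SQL01', 'SQL02'       # placeholder server names

# Prompt for both passwords so neither is stored in the script or in history.
$old = Read-Host "Previous password for $account" -AsSecureString
$new = Read-Host "New password for $account (already set in AD)" -AsSecureString

# Hypothetical helper: ChangePassword() takes plain strings, so convert
# only at the moment of the call.
function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    (New-Object System.Net.NetworkCredential('', $Secure)).Password
}

$results = foreach ($server in $servers) {
    try {
        $mc = New-Object Microsoft.SqlServer.Management.Smo.Wmi.ManagedComputer $server
        # Every SQL-related service on this host that runs as the account
        # (engine, Agent, Reporting Services, ...). Adjust the match if the
        # account is registered in user@domain form.
        $targets = @($mc.Services | Where-Object { $_.ServiceAccount -eq $account })
        foreach ($svc in $targets) {
            $svc.ChangePassword((ConvertTo-PlainText $old), (ConvertTo-PlainText $new))
            $svc.Alter()
            [pscustomobject]@{ Server = $server; Service = $svc.Name; Status = 'Updated' }
        }
        if ($targets.Count -eq 0) {
            [pscustomobject]@{ Server = $server; Service = '-'; Status = 'No service uses account' }
        }
    }
    catch {
        # Record the failure and continue, so one unreachable host does not
        # leave the remaining servers holding the old password.
        [pscustomobject]@{ Server = $server; Service = '-'; Status = "Failed: $($_.Exception.Message)" }
    }
}

# Review this table before the next service restart; any row that is not
# 'Updated' still holds the old password and will fail to start.
$results | Format-Table -AutoSize
```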