Solved

What's the process to change the service account (domain) password in sql server 2008?

Posted on 2012-03-19
14
418 Views
Last Modified: 2012-04-11
Hi there,
We have a domain account as a service account on our all SQL Server 2008 envs.  We need to change the password for ISO compliance... What the process to change it and what is/are the look out things we need to do before we change it? Thank you!
0
Comment
Question by:hpradhan08
14 Comments
 
LVL 20

Expert Comment

by:BuggyCoder
ID: 37741020
open service.msc, go to your sql service (SQLSERVER(InstanceName)) service.

Double click the service(Right click-->Properties)

Open in logon tab and change the password....
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37741169
After putting the new password in the service log on tab, restart the services. Check all the SQL services which are using this service account.
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 37742725
NO.

You NEVER change a SQL password thru Windows.

Change the password in AD.

For SQL 2008, use SQL Server Configuration Manager to change the password in SQL; the tool will automatically change the password in Windows also.

If you change the password from Windows, you will lose the automatic coordination of the passwords between SQL and Windows and have a mess on your hands to get it corrected :-( .
0
 

Author Comment

by:hpradhan08
ID: 37745611
Hi Scott,
I read about that. Thank you for bringing that up. What if I use 'window's security and 'change password' there... Is there a consequences of that?  Thank you in advance for your prompt response.
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 37747474
Yeah, IIRC, I think there is, or certainly could be.  The two passwords can get out of sync.  In some cases you have to make registry changes by hand -- not fun.

You could try going into the SQL tool and making the same change ... not sure if it will correct everything or not.

Hopefully you will get lucky :-) .

But for future reference, you really should always use the SQL tool to change a SQL password, because that tool will automatically sync everything up the way it needs to be for the changed pwd.
0
 

Author Comment

by:hpradhan08
ID: 37748410
I don't believe on luck, man. That's why I'm asking you the proper way to change it.

Also, it's domain account. So, I need to change it going to Window's Security  and change a password, right? Please confirm.
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 37748449
No, I don't think so.

You use AD tool to change the domain account password (sorry, not an AD person, don't know any more details on that).

Then you use SQL tools to change the password for SQL, which automatically changes the related Windows logins as required.

AFAIK, you never have to use the native Windows Services panel to change passwords for accounts used to run SQL.  The SQL Mgmt tool makes the necessary Windows changes for you, while also making the changes needed for SQL itself (registry, etc.).
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:hpradhan08
ID: 37763651
Hi Scott,
I got the SQL tool to change the password for SQL. The good news is we're not using this account on running SQL Service account. We've used some other domain account... So, we just used this domain account to install the sql server and later on we changed it  to different account...

 Thank you so much for bringing up the AD tool to change the domain account password. May I ask you or anybody who know this AD tool and how I get it/ use it to change the domain account?  Thank you in advance for your help.
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 37766098
Sorry.  That will have to be someone else.  I am not an AD admin, I just work with them :-) .

I understand what I need to know about AD from a DBA standpoint, but that's about it.  I don't maintain AD or use it myself to change pwds -- I always worked with a separate AD admin people who used the AD tools themselves.
0
 

Author Comment

by:hpradhan08
ID: 37769201
Thank you, Scott for your input.

I'm calling out the AD Admin out there... I told our SysAdmin  about the AD tool to change the domain account password. He is asking me the tool name... Could you please provide me that?
0
 
LVL 69

Expert Comment

by:ScottPletcher
ID: 37771393
Sorry, as I said, I truly don't know.  

I'm only going by what AD admins told me.  They have some way they can reset passwords for Windows / domain accounts.  C'mon, it only makes sense.  Don't know why your sysadmin is pretending not to know how to change the pwd on an acct.
0
 

Author Comment

by:hpradhan08
ID: 37796766
Scott,
Yes, he is pretending or he truly doesn’t know...Anyway, I worry about my part. This domain account 'abc' is running our show literally; it owns all the DBs; and jobs. But the services are running under different domain account/s. So, once the domain account's password changed on the domain level, I just need to change the password using SQL Tool (configuration manager) and it'll be fine. What happens between the password changed on the domain level and password changed on SQL Server level? Don't SQL Server going to freak out in between that time?
0
 
LVL 69

Accepted Solution

by:
ScottPletcher earned 500 total points
ID: 37798201
No.  For internal/core processes, it continues to use existing control info until/unless SQL Server is re-started.

That is, core internal control structures have already been created using the existing login info, and in general SQL can continue using those.

However, any new requests that require login validation won't work, of course.  So it's best to change it on the SQL side as soon as you can.

But it has to be changed on the Windows/domain side first, naturally, since otherwise the SQL tool won't be able to verify the new password for that login.
0
 

Author Closing Comment

by:hpradhan08
ID: 37833296
Thank you, Scott. I appreciate your input.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now