Solved

What's the process to change the service account (domain) password in sql server 2008?

Posted on 2012-03-19
14
433 Views
Last Modified: 2012-04-11
Hi there,
We have a domain account as a service account on our all SQL Server 2008 envs.  We need to change the password for ISO compliance... What the process to change it and what is/are the look out things we need to do before we change it? Thank you!
0
Comment
Question by:hpradhan08
14 Comments
 
LVL 20

Expert Comment

by:BuggyCoder
ID: 37741020
open service.msc, go to your sql service (SQLSERVER(InstanceName)) service.

Double click the service(Right click-->Properties)

Open in logon tab and change the password....
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37741169
After putting the new password in the service log on tab, restart the services. Check all the SQL services which are using this service account.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 37742725
NO.

You NEVER change a SQL password thru Windows.

Change the password in AD.

For SQL 2008, use SQL Server Configuration Manager to change the password in SQL; the tool will automatically change the password in Windows also.

If you change the password from Windows, you will lose the automatic coordination of the passwords between SQL and Windows and have a mess on your hands to get it corrected :-( .
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:hpradhan08
ID: 37745611
Hi Scott,
I read about that. Thank you for bringing that up. What if I use 'window's security and 'change password' there... Is there a consequences of that?  Thank you in advance for your prompt response.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 37747474
Yeah, IIRC, I think there is, or certainly could be.  The two passwords can get out of sync.  In some cases you have to make registry changes by hand -- not fun.

You could try going into the SQL tool and making the same change ... not sure if it will correct everything or not.

Hopefully you will get lucky :-) .

But for future reference, you really should always use the SQL tool to change a SQL password, because that tool will automatically sync everything up the way it needs to be for the changed pwd.
0
 

Author Comment

by:hpradhan08
ID: 37748410
I don't believe on luck, man. That's why I'm asking you the proper way to change it.

Also, it's domain account. So, I need to change it going to Window's Security  and change a password, right? Please confirm.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 37748449
No, I don't think so.

You use AD tool to change the domain account password (sorry, not an AD person, don't know any more details on that).

Then you use SQL tools to change the password for SQL, which automatically changes the related Windows logins as required.

AFAIK, you never have to use the native Windows Services panel to change passwords for accounts used to run SQL.  The SQL Mgmt tool makes the necessary Windows changes for you, while also making the changes needed for SQL itself (registry, etc.).
0
 

Author Comment

by:hpradhan08
ID: 37763651
Hi Scott,
I got the SQL tool to change the password for SQL. The good news is we're not using this account on running SQL Service account. We've used some other domain account... So, we just used this domain account to install the sql server and later on we changed it  to different account...

 Thank you so much for bringing up the AD tool to change the domain account password. May I ask you or anybody who know this AD tool and how I get it/ use it to change the domain account?  Thank you in advance for your help.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 37766098
Sorry.  That will have to be someone else.  I am not an AD admin, I just work with them :-) .

I understand what I need to know about AD from a DBA standpoint, but that's about it.  I don't maintain AD or use it myself to change pwds -- I always worked with a separate AD admin people who used the AD tools themselves.
0
 

Author Comment

by:hpradhan08
ID: 37769201
Thank you, Scott for your input.

I'm calling out the AD Admin out there... I told our SysAdmin  about the AD tool to change the domain account password. He is asking me the tool name... Could you please provide me that?
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 37771393
Sorry, as I said, I truly don't know.  

I'm only going by what AD admins told me.  They have some way they can reset passwords for Windows / domain accounts.  C'mon, it only makes sense.  Don't know why your sysadmin is pretending not to know how to change the pwd on an acct.
0
 

Author Comment

by:hpradhan08
ID: 37796766
Scott,
Yes, he is pretending or he truly doesn’t know...Anyway, I worry about my part. This domain account 'abc' is running our show literally; it owns all the DBs; and jobs. But the services are running under different domain account/s. So, once the domain account's password changed on the domain level, I just need to change the password using SQL Tool (configuration manager) and it'll be fine. What happens between the password changed on the domain level and password changed on SQL Server level? Don't SQL Server going to freak out in between that time?
0
 
LVL 69

Accepted Solution

by:
Scott Pletcher earned 500 total points
ID: 37798201
No.  For internal/core processes, it continues to use existing control info until/unless SQL Server is re-started.

That is, core internal control structures have already been created using the existing login info, and in general SQL can continue using those.

However, any new requests that require login validation won't work, of course.  So it's best to change it on the SQL side as soon as you can.

But it has to be changed on the Windows/domain side first, naturally, since otherwise the SQL tool won't be able to verify the new password for that login.
0
 

Author Closing Comment

by:hpradhan08
ID: 37833296
Thank you, Scott. I appreciate your input.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Via a live example, show how to shrink a transaction log file down to a reasonable size.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question