What's the process to change the service account (domain) password in sql server 2008?
Hi there,
We have a domain account as a service account on our all SQL Server 2008 envs. We need to change the password for ISO compliance... What the process to change it and what is/are the look out things we need to do before we change it? Thank you!
We have a domain account as a service account on our all SQL Server 2008 envs. We need to change the password for ISO compliance... What the process to change it and what is/are the look out things we need to do before we change it? Thank you!
After putting the new password in the service log on tab, restart the services. Check all the SQL services which are using this service account.
NO.
You NEVER change a SQL password thru Windows.
Change the password in AD.
For SQL 2008, use SQL Server Configuration Manager to change the password in SQL; the tool will automatically change the password in Windows also.
If you change the password from Windows, you will lose the automatic coordination of the passwords between SQL and Windows and have a mess on your hands to get it corrected :-( .
You NEVER change a SQL password thru Windows.
Change the password in AD.
For SQL 2008, use SQL Server Configuration Manager to change the password in SQL; the tool will automatically change the password in Windows also.
If you change the password from Windows, you will lose the automatic coordination of the passwords between SQL and Windows and have a mess on your hands to get it corrected :-( .
ASKER
Hi Scott,
I read about that. Thank you for bringing that up. What if I use 'window's security and 'change password' there... Is there a consequences of that? Thank you in advance for your prompt response.
I read about that. Thank you for bringing that up. What if I use 'window's security and 'change password' there... Is there a consequences of that? Thank you in advance for your prompt response.
Yeah, IIRC, I think there is, or certainly could be. The two passwords can get out of sync. In some cases you have to make registry changes by hand -- not fun.
You could try going into the SQL tool and making the same change ... not sure if it will correct everything or not.
Hopefully you will get lucky :-) .
But for future reference, you really should always use the SQL tool to change a SQL password, because that tool will automatically sync everything up the way it needs to be for the changed pwd.
You could try going into the SQL tool and making the same change ... not sure if it will correct everything or not.
Hopefully you will get lucky :-) .
But for future reference, you really should always use the SQL tool to change a SQL password, because that tool will automatically sync everything up the way it needs to be for the changed pwd.
ASKER
I don't believe on luck, man. That's why I'm asking you the proper way to change it.
Also, it's domain account. So, I need to change it going to Window's Security and change a password, right? Please confirm.
Also, it's domain account. So, I need to change it going to Window's Security and change a password, right? Please confirm.
No, I don't think so.
You use AD tool to change the domain account password (sorry, not an AD person, don't know any more details on that).
Then you use SQL tools to change the password for SQL, which automatically changes the related Windows logins as required.
AFAIK, you never have to use the native Windows Services panel to change passwords for accounts used to run SQL. The SQL Mgmt tool makes the necessary Windows changes for you, while also making the changes needed for SQL itself (registry, etc.).
You use AD tool to change the domain account password (sorry, not an AD person, don't know any more details on that).
Then you use SQL tools to change the password for SQL, which automatically changes the related Windows logins as required.
AFAIK, you never have to use the native Windows Services panel to change passwords for accounts used to run SQL. The SQL Mgmt tool makes the necessary Windows changes for you, while also making the changes needed for SQL itself (registry, etc.).
ASKER
Hi Scott,
I got the SQL tool to change the password for SQL. The good news is we're not using this account on running SQL Service account. We've used some other domain account... So, we just used this domain account to install the sql server and later on we changed it to different account...
Thank you so much for bringing up the AD tool to change the domain account password. May I ask you or anybody who know this AD tool and how I get it/ use it to change the domain account? Thank you in advance for your help.
I got the SQL tool to change the password for SQL. The good news is we're not using this account on running SQL Service account. We've used some other domain account... So, we just used this domain account to install the sql server and later on we changed it to different account...
Thank you so much for bringing up the AD tool to change the domain account password. May I ask you or anybody who know this AD tool and how I get it/ use it to change the domain account? Thank you in advance for your help.
Sorry. That will have to be someone else. I am not an AD admin, I just work with them :-) .
I understand what I need to know about AD from a DBA standpoint, but that's about it. I don't maintain AD or use it myself to change pwds -- I always worked with a separate AD admin people who used the AD tools themselves.
I understand what I need to know about AD from a DBA standpoint, but that's about it. I don't maintain AD or use it myself to change pwds -- I always worked with a separate AD admin people who used the AD tools themselves.
ASKER
Thank you, Scott for your input.
I'm calling out the AD Admin out there... I told our SysAdmin about the AD tool to change the domain account password. He is asking me the tool name... Could you please provide me that?
I'm calling out the AD Admin out there... I told our SysAdmin about the AD tool to change the domain account password. He is asking me the tool name... Could you please provide me that?
Sorry, as I said, I truly don't know.
I'm only going by what AD admins told me. They have some way they can reset passwords for Windows / domain accounts. C'mon, it only makes sense. Don't know why your sysadmin is pretending not to know how to change the pwd on an acct.
I'm only going by what AD admins told me. They have some way they can reset passwords for Windows / domain accounts. C'mon, it only makes sense. Don't know why your sysadmin is pretending not to know how to change the pwd on an acct.
ASKER
Scott,
Yes, he is pretending or he truly doesn’t know...Anyway, I worry about my part. This domain account 'abc' is running our show literally; it owns all the DBs; and jobs. But the services are running under different domain account/s. So, once the domain account's password changed on the domain level, I just need to change the password using SQL Tool (configuration manager) and it'll be fine. What happens between the password changed on the domain level and password changed on SQL Server level? Don't SQL Server going to freak out in between that time?
Yes, he is pretending or he truly doesn’t know...Anyway, I worry about my part. This domain account 'abc' is running our show literally; it owns all the DBs; and jobs. But the services are running under different domain account/s. So, once the domain account's password changed on the domain level, I just need to change the password using SQL Tool (configuration manager) and it'll be fine. What happens between the password changed on the domain level and password changed on SQL Server level? Don't SQL Server going to freak out in between that time?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you, Scott. I appreciate your input.
Double click the service(Right click-->Properties)
Open in logon tab and change the password....