In the event of a DBA leaving an organization, what options can the surviving team members pursue to change passwords for service accounts portfolio-wide? While using Configuration Manager appears to be the de-facto method, can PowerShell or another scripting or batch language be used to reset them in bulk? I figure if you're changing the login name for the service accounts, Configuration Manager is essential as registry permissions and the like need to be propagated. For just a password change to the existing account however, is a scriptable method OK as long as it's performed during approved maintenance windows for the service restarts?
Sql-server – Changing SQL Server service account passwords enterprise-wide
Securityservice-accountssql server
Related Question
- Sql-server – What am I missing for the SSRS Service account local server permissions
- Sql-server – What are points to consider when replacing the SQL Server service account
- Sql-server – SQL Server 2014 FCI Add Port
- Sql-server – How to manage service account passwords
- Sql-server – ISO 27001 – resetting passwords for SQL Server accounts
- Sql-server – Does changing “sa” password require a SQL restart (in mixed mode)
Best Answer
Option 1
I would probably take advantage of using a Central Management Server to run the password change script across all the different servers at once. This should provide an easy method for verifying the output from each server while keeping it easy to manage by executing once for all target servers.
Option 2
If I was doing this in a tighter change management system, then I might consider scripting it as a batch file and having a sqlcmd execution output a separate log file for each server. This would verify the changes and keep record of them more reliably than doing it in SQL Management Studio.
I don't think there is necessarily a "right" method here, just depends on what meets your requirements best.