
How To Get the Managed Accounts Password in SharePoint 2010

I got this script some time ago from a Microsoft Field Engineer. It is OK to share (you can find this same utility here and a more elaborate version here). Make sure to run this script in the SharePoint Management Shell, using an account with Farm Admin privileges.
# Binding flags needed to reach a non-public instance field through reflection.
function Bindings()
{
    return [System.Reflection.BindingFlags]::CreateInstance -bor
    [System.Reflection.BindingFlags]::GetField -bor
    [System.Reflection.BindingFlags]::Instance -bor
    [System.Reflection.BindingFlags]::NonPublic
}

# Returns the value of the private field $fieldName on object $o.
function GetFieldValue([object]$o, [string]$fieldName)
{
    $bindings = Bindings
    return $o.GetType().GetField($fieldName, $bindings).GetValue($o);
}

# Copies a SecureString to unmanaged memory, reads it back as plain text,
# then zeroes and frees the unmanaged copy.
function ConvertTo-UnsecureString([System.Security.SecureString]$string)
{
    $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($string)
    try {
        return [System.Runtime.InteropServices.Marshal]::PtrToStringUni($unmanagedString)
    }
    finally {
        # Runs even if the conversion throws, so the buffer is always wiped.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($unmanagedString)
    }
}

# List every managed account with the password stored in its private m_Password field.
Get-SPManagedAccount | Select-Object UserName, @{Name="Password"; Expression={ConvertTo-UnsecureString (GetFieldValue $_ "m_Password").SecureStringValue}}


You should see a result like this:


[Screenshot: get-sharepoint-2010-service-accounts-password-powershell]


Things to Watch Out For



Some tricky things might happen when you execute this script. So, if you run this script and…



  • All passwords displayed are BLANK: check the permissions of the account you are logged in with (remember, farm admin rights)


  • Some of the passwords displayed are BLANK: the accounts are likely out-of-synch with Active Directory... ouch!
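
A way to check for the two cases above without printing any password, as an added example that is not part of the original script or from Microsoft. It assumes UserName is in DOMAIN\user form and that the server can reach a domain controller; Get-StoredSecureString and Test-StoredPassword are hypothetical helper names.

```powershell
# Added example; run in the SharePoint Management Shell as a farm admin.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-StoredSecureString($account)
{
    # Reads the same private field as the script above; returns $null if empty.
    $flags = [System.Reflection.BindingFlags]::Instance -bor [System.Reflection.BindingFlags]::NonPublic
    $field = $account.GetType().GetField("m_Password", $flags)
    if ($field -eq $null) { return $null }
    $value = $field.GetValue($account)
    if ($value -eq $null) { return $null }
    return $value.SecureStringValue
}

function Test-StoredPassword($account)
{
    $secure = Get-StoredSecureString $account
    if ($secure -eq $null -or $secure.Length -eq 0) { return "Blank" }

    # Assumption: UserName is in DOMAIN\user form.
    $domain, $user = $account.UserName -split '\\', 2
    if (-not $user) { return "Skipped (not DOMAIN\user)" }

    $domainType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($secure)
    $context = $null
    try {
        $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $domainType, $domain
        # One bind attempt per account; a mismatch counts as a failed logon in AD.
        $valid = $context.ValidateCredentials($user, [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr))
        if ($valid) { return "InSync" } else { return "RejectedByAD" }
    }
    catch { return "Error: " + $_.Exception.Message }
    finally {
        # Wipe the unmanaged copy even when the bind throws.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($ptr)
        if ($context -ne $null) { $context.Dispose() }
    }
}

# Only the account name and a status leave this script, never the password.
Get-SPManagedAccount | ForEach-Object {
    New-Object PSObject -Property @{ UserName = $_.UserName; Status = (Test-StoredPassword $_) }
} | Select-Object UserName, Status
```

RejectedByAD means Active Directory refused the stored password, which is the out-of-synch case; a locked or disabled account is rejected as well.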


Accounts Out-of-Synch With AD



If you have multiple farms or geographically distributed farms, do not be surprised if, after you set up the Auto-Reset Managed Accounts Password, you see them out-of-synch with AD. If you experience that, try to run the following command:



Repair-SPManagedAccountDeployment



This redeploys all the credentials and checks whether the current farm passphrase is consistent across all the servers. This command will also tell you if any accounts are broken. In that case you should see a screen similar to the one below:


[Screenshot: repair-sharepoint-managed-accounts-powershell]


In that case you can try to…


Set the Managed Account Password Manually



Run the following command:



Set-SPManagedAccount -UseExistingPassword





This will allow you to enter the password for the managed account. This is the same command used to set the password. You will see a screen similar to the one below where you will manually enter the

[Screenshot: set-sharepoint-managed-accounts-password]


If, when trying to execute the command, you receive an error message like the one below,


[Screenshot: error-deploying-administration-application-pool-credentials-another-deployment-may-be-active]


then make sure the SharePoint Timer Jobs are running on all the servers. I hope all these experiences I’ve had help you and maybe save some of your precious time.

