How To Get the Managed Accounts Password in SharePoint 2010

I got this script some time ago from a Microsoft Field Engineer. It is OK to share (you can find this same utility here and a more elaborate version here). Make sure to run this script in the SharePoint Management Shell, using an account with Farm Admin privileges.
function Bindings()
{
    # NonPublic lets reflection reach non-public fields such as m_Password
    return [System.Reflection.BindingFlags]::CreateInstance -bor
        [System.Reflection.BindingFlags]::GetField -bor
        [System.Reflection.BindingFlags]::Instance -bor
        [System.Reflection.BindingFlags]::NonPublic
}

function GetFieldValue([object]$o, [string]$fieldName)
{
    $bindings = Bindings
    return $o.GetType().GetField($fieldName, $bindings).GetValue($o);
}

function ConvertTo-UnsecureString([System.Security.SecureString]$string)
{
    # Copy the SecureString to unmanaged memory, read it, then zero and free the buffer
    $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($string)
    try {
        return [System.Runtime.InteropServices.Marshal]::PtrToStringUni($unmanagedString)
    }
    finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($unmanagedString)
    }
}

Get-SPManagedAccount | select UserName, @{Name="Password"; Expression={ConvertTo-UnsecureString (GetFieldValue $_ "m_Password").SecureStringValue}}

You should see a result like this:


Things to Watch Out

Some tricky things might happen when you execute this script. So, if you run this script and…

  • All passwords displayed are BLANK: check the permissions of the account you are currently logged in with (remember, farm admin rights)

  • Some of the passwords displayed are BLANK: the accounts are likely out-of-synch with Active Directory... ouch!

Accounts Out-of-Synch With AD

If you have multiple farms or geographically distributed farms, do not be surprised if, after you set up the Auto-Reset Managed Accounts Password, you see them out-of-synch with AD. If you experience that, try to run the following command:


This will redeploy all the credentials and check whether the current farm passphrase is consistent across all the servers. This command will also tell you if any accounts are broken. In that case you should see a screen similar to the one below:


In that case you can try to…

Set the Managed Account Password Manually

Run the following command:

Set-SPManagedAccount -UseExistingPassword

This will allow you to enter the password for the managed account. This is the same command used to set the password. You will see a screen similar to the one below, where you will manually enter the password.


If, when trying to execute the command, you receive an error message like the one below,


then make sure the SharePoint Timer Jobs are running on all the servers. I hope all these experiences I’ve had help you and maybe save some of your precious time.
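
To watch for use of the password-reading script from the top of this post, the following added example (not part of the original post or the Field Engineer's utility) scores script text for the identifiers that script relies on. The function name Test-ManagedAccountPasswordRead, the indicator weights, the threshold and the sample strings are assumptions constructed for illustration; feed it script text from whatever PowerShell transcript or logging source you collect.

```powershell
# Added example: flag script text that reads SharePoint managed account passwords.
# Indicator strings come from the script on this page; weights and threshold are assumptions.
$Indicators = @(
    @{ Name = 'ManagedAccountCmdlet'; Weight = 1; Pattern = 'Get-SPManagedAccount' }
    @{ Name = 'PrivatePasswordField'; Weight = 2; Pattern = 'm_Password' }
    @{ Name = 'SecureStringValue';    Weight = 1; Pattern = '\.SecureStringValue\b' }
    @{ Name = 'SecureStringMarshal';  Weight = 2; Pattern = 'SecureStringTo(GlobalAlloc|CoTaskMem)(Unicode|Ansi)|SecureStringToBSTR' }
    @{ Name = 'ReflectionGetField';   Weight = 1; Pattern = '\.GetField\s*\(' }
)

function Test-ManagedAccountPasswordRead {
    param(
        [Parameter(Mandatory = $true)][string]$ScriptText,
        [int]$Threshold = 4
    )
    # -match is case-insensitive, which suits PowerShell's case-insensitive identifiers
    $hits = @($Indicators | Where-Object { $ScriptText -match $_.Pattern })
    $score = 0
    foreach ($h in $hits) { $score += $h.Weight }
    New-Object PSObject -Property @{
        Score      = $score
        Suspicious = ($score -ge $Threshold)
        Matched    = @($hits | ForEach-Object { $_.Name })
    }
}

# Constructed samples: script text as it might appear in a transcript or script log.
$samples = @{
    'inventory' = 'Get-SPManagedAccount | select UserName'
    'dump'      = 'Get-SPManagedAccount | select UserName, @{Name="Password"; Expression={ConvertTo-UnsecureString (GetFieldValue $_ "m_Password").SecureStringValue}}'
    'unrelated' = '[Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Password)'
}
foreach ($name in $samples.Keys) {
    $r = Test-ManagedAccountPasswordRead -ScriptText $samples[$name]
    '{0,-10} score={1} suspicious={2} [{3}]' -f $name, $r.Score, $r.Suspicious, ($r.Matched -join ', ')
}
```

Only the combination of the managed-account cmdlet with the private field or SecureString marshalling crosses the threshold, so routine account inventory and ordinary SecureString handling stay below it.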

