```powershell
# Binding flags needed to reach a private instance field through reflection
function Bindings() {
    return [System.Reflection.BindingFlags]::CreateInstance -bor
        [System.Reflection.BindingFlags]::GetField -bor
        [System.Reflection.BindingFlags]::Instance -bor
        [System.Reflection.BindingFlags]::NonPublic
}

# Read the value of a (non-public) field from an object
function GetFieldValue([object]$o, [string]$fieldName) {
    $bindings = Bindings
    return $o.GetType().GetField($fieldName, $bindings).GetValue($o)
}

# Copy a SecureString into a plain string, then zero and free the unmanaged copy
function ConvertTo-UnsecureString([System.Security.SecureString]$string) {
    $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($string)
    $unsecureString = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($unmanagedString)
    [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($unmanagedString)
    return $unsecureString
}

# List every managed account with the password read from its private m_Password field
Get-SPManagedAccount | select UserName, @{Name="Password"; Expression={ConvertTo-UnsecureString (GetFieldValue $_ "m_Password").SecureStringValue}}
```
You should see a result like this:
Things to Watch Out For
Some tricky things might happen when you execute this script. If you run it and…
- All passwords displayed are BLANK: check the permissions of the account you are logged on with (remember, farm admin rights)
- Some of the passwords displayed are BLANK: the accounts are likely out of sync with Active Directory... ouch!
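The triage above can be scripted without putting any plaintext on screen, because `SecureString.Length` is enough to tell whether a password came back blank. This is an added example, not code from the original post: the function name and the sample accounts are constructed, and it assumes a blank password arrives as an empty or null SecureString.

```powershell
# Added example; Test-ManagedAccountPasswordState is a hypothetical helper name.
# Assumption: a password that comes back "blank" is an empty or null SecureString.
function Test-ManagedAccountPasswordState {
    param([object[]]$Account)  # each item: UserName (string), Password (SecureString)

    $rows = @(foreach ($a in $Account) {
        $len = 0
        # Length is readable without ever decrypting the SecureString
        if ($a.Password -is [System.Security.SecureString]) { $len = $a.Password.Length }
        [pscustomobject]@{ UserName = $a.UserName; Blank = ($len -eq 0) }
    })
    $blank = @($rows | Where-Object { $_.Blank }).Count

    if ($rows.Count -eq 0)          { $verdict = 'No accounts returned' }
    elseif ($blank -eq 0)           { $verdict = 'All passwords readable' }
    elseif ($blank -eq $rows.Count) { $verdict = 'All blank: check that the logged-on account has farm admin rights' }
    else                            { $verdict = 'Some blank: likely out of sync with AD, try Repair-SPManagedAccountDeployment' }

    [pscustomobject]@{ Verdict = $verdict; Accounts = $rows }
}

# Constructed sample input (not real accounts): one populated, one blank password
$populated = New-Object System.Security.SecureString
'constructed-value'.ToCharArray() | ForEach-Object { $populated.AppendChar($_) }
$sample = @(
    [pscustomobject]@{ UserName = 'CONTOSO\svc-farm';   Password = $populated },
    [pscustomobject]@{ UserName = 'CONTOSO\svc-search'; Password = (New-Object System.Security.SecureString) }
)

$result = Test-ManagedAccountPasswordState -Account $sample
$result.Verdict
$result.Accounts | Format-Table UserName, Blank

# On a farm server, the input would come from the post's own helper instead:
#   $accounts = Get-SPManagedAccount | ForEach-Object {
#       [pscustomobject]@{ UserName = $_.UserName
#                          Password = (GetFieldValue $_ "m_Password").SecureStringValue } }
#   Test-ManagedAccountPasswordState -Account $accounts
```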
Accounts Out of Sync With AD
If you have multiple farms or geographically distributed farms, do not be surprised if, after you set up automatic password reset for managed accounts, you find them out of sync with AD. If that happens, try running the following command:
Repair-SPManagedAccountDeployment
This redeploys all the credentials and checks whether the current farm passphrase is consistent across all the servers. The command will also tell you if any accounts are broken. In that case you should see a screen similar to the one below:
In that case you can try to…
Set the Managed Account Password Manually
Run the following command:
Set-SPManagedAccount -UseExistingPassword
This will allow you to enter the password for the managed account. It is the same command used to set the password. You will see a screen similar to the one below where you will manually enter the
If, when trying to execute the command, you receive an error message like the one below,
then make sure the SharePoint Timer Jobs are running on all the servers. I hope all these experiences I’ve had help you and maybe save some of your precious time.
By Edge Pereira