commands

^

Update-DbaServiceAccount

Author Kirill Kravtsov (@nvarscar)
Availability Windows, Linux, macOS

 

Want to see the source code for this command? Check out Update-DbaServiceAccount on GitHub.
Want to see the Bill Of Health for this command? Check out Update-DbaServiceAccount.

Synopsis

Changes service account (or just its password) of the SQL Server service.

Description

Reconfigure the service account or update the password of the specified SQL Server service. The service will be restarted in the event of changing the account.

The command is only supported for SQL Server engine and agent service of supported versions of SQL Server. It might fail for older versions or other services.

Syntax

Update-DbaServiceAccount
    [-ComputerName <DbaInstanceParameter[]>]
    [-Credential <PSCredential>]
    [-ServiceName] <String[]>
    [-Username <String>]
    [-ServiceCredential <PSCredential>]
    [-PreviousPassword <SecureString>]
    [-SecurePassword <SecureString>]
    [-NoRestart]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update-DbaServiceAccount
    [-Credential <PSCredential>]
    -InputObject <Object[]>
    [-Username <String>]
    [-ServiceCredential <PSCredential>]
    [-PreviousPassword <SecureString>]
    [-SecurePassword <SecureString>]
    [-NoRestart]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> $SecurePassword = (Get-Credential NoUsernameNeeded).Password
PS C:\> Update-DbaServiceAccount -ComputerName sql1 -ServiceName 'MSSQL$MYINSTANCE' -SecurePassword $SecurePassword

Changes the current service account's password of the service MSSQL$MYINSTANCE to 'Qwerty1234'

Example: 2
PS C:\> $cred = Get-Credential
PS C:\> Get-DbaService sql1 -Type Engine,Agent -Instance MYINSTANCE | Update-DbaServiceAccount -ServiceCredential $cred

Requests credentials from the user and configures them as a service account for the SQL Server engine and agent services of the instance sql1\MYINSTANCE

Example: 3
PS C:\> Update-DbaServiceAccount -ComputerName sql1,sql2 -ServiceName 'MSSQLSERVER','SQLSERVERAGENT' -Username NETWORKSERVICE

Configures SQL Server engine and agent services on the machines sql1 and sql2 to run under Network Service system user.

Example: 4
PS C:\> Get-DbaService sql1 -Type Engine -Instance MSSQLSERVER | Update-DbaServiceAccount -Username 'MyDomain\sqluser1'

Configures SQL Server engine service on the machine sql1 to run under MyDomain\sqluser1. Will request user to input the account password.

Example: 5
PS C:\> Get-DbaService sql1 -Type Engine -Instance MSSQLSERVER | Update-DbaServiceAccount -Username 'MyDomain\sqluser1' -NoRestart

Configures SQL Server engine service on the machine sql1 to run under MyDomain\sqluser1. Will request user to input the account password.
Will not restart, which means the changes will not go into effect, so you will still have to restart during your planned outage window.

Required Parameters

-InputObject

A collection of services. Basically, any object that has ComputerName and ServiceName properties. Can be piped from Get-DbaService.

Alias ServiceCollection
Required True
Pipeline true (ByValue)
Default Value
-ServiceName

A name of the service on which the action is performed. E.g. MSSQLSERVER or SqlAgent$INSTANCENAME

Alias Name,Service
Required True
Pipeline false
Default Value

Optional Parameters

-ComputerName

The target SQL Server instance or instances.

Alias cn,host,Server
Required False
Pipeline false
Default Value $env:COMPUTERNAME
-Credential

Windows Credential with permission to log on to the server running the SQL instance

Alias
Required False
Pipeline false
Default Value
-Username

Username of the service account. Cannot be used with -ServiceCredential. For local service accounts use one of the following usernames omitting the -SecurePassword parameter:
LOCALSERVICE
NETWORKSERVICE
LOCALSYSTEM

Alias User
Required False
Pipeline false
Default Value
-ServiceCredential

Windows Credential object under which the service will be setup to run. Cannot be used with -Username. For local service accounts use one of the following usernames with empty password:
LOCALSERVICE
NETWORKSERVICE
LOCALSYSTEM

Alias
Required False
Pipeline false
Default Value
-PreviousPassword

An old password of the service account. Optional when run under local admin privileges.

Alias
Required False
Pipeline false
Default Value (New-Object System.Security.SecureString)
-SecurePassword

New password of the service account. The function will ask for a password if not specified. MSAs and local system accounts will ignore the password.

Alias Password,NewPassword
Required False
Pipeline false
Default Value (New-Object System.Security.SecureString)
-NoRestart

Do not immediately restart the service after changing the password.
Note that the changes will not go into effect until you restart the SQL Services

Alias
Required False
Pipeline false
Default Value False
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False
-WhatIf

Shows what would happen if the command were to run. No actions are actually performed.

Alias wi
Required False
Pipeline false
Default Value
-Confirm

Prompts you for confirmation before executing any changing operations within the command.

Alias cf
Required False
Pipeline false
Default Value