Changing password for windows account used to start SQL Service

  • I have the following issue:

    Our company has 130 servers running SQL Server 2000 using a windows domain account for running the MSsql service. We want to change the password for this windows domain account without stopping and restarting the SQL servers all at once (it is not physically possible) and without connecting to each machine and changing the password in MMC Services Snap-in.

    I think the best way to do this is to create a new account and change SQL account credentials on every machine one by one.

    If you have another suggestion please let me know.

    Thanks.

  • That sounds like a good approach. 

    There *should* be a way to use WMI to set the service passwords with a script, but the restart of the services would still have to occur, though it would be automated.

     

    So long, and thanks for all the fish,

    Russell Shilling, MCDBA, MCSA 2K3, MCSE 2K3

  • You can change the password on any of the services for SQL without restarting. It just does not take effect until you restart the service. Usually this is not an issue, however if the SQL Agent runs things across servers this can become an issue. It is unfortunate that a restart of the service is needed. But that's windows authentication at work.

    Regards

    Rudy Komacsar, Senior Database Administrator

    "Ave Caesar! - Morituri te salutamus."

  • Oh, I almost forgot. You're probably changing the account because a DBA left. Well that is really not necessary if you simply remove interactive logon rights from the domain user account. So what if the password is known. You can't login to the servers with it so it does not matter!

    Regards

    Rudy Komacsar, Senior Database Administrator

    "Ave Caesar! - Morituri te salutamus."

  • Hyena is a good tool which will allow you to change service account passwords on multiple servers easily. Gert Drapers mentioned a tool called ChngSqlSvcPwd during one of his presentations, which will allow you to change the service account password without restarting SQL, however I don't see it posted on his site sqldev.net.

    Having recently been through a service account change on 50+ servers, I like the approach of creating a new service account instead of changing passwords. It requires a lot more work to set up (ensure same rights, SQL Mail, AD issues), but at least it can be slowly phased in. I also ran into some weird AD issues when changing the service account which required tying an SPN for each server to the service account.

  • Thanks for your answers.

    I can't just leave the password unchanged. Too many personnel know it and even if I disable the option "Log on interactively" they still can access any server with a linked server.

  • Use the scm command line util that comes with SQL to change pwd, stop services, start services etc

    See BOL for more

    Knock up a batch file that just needs to run on each box, but that can be done via AD; login script etc
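
The WMI route suggested earlier in the thread, sketched as an added example (not code from any of the posters): it sets the logon account and password through `Win32_Service.Change` and reports which servers still need a restart for the change to take effect. It is written in PowerShell, which the thread does not name; the server names and service names are placeholders, and it assumes each server is reachable over CIM/WinRM.

```powershell
# Added example: set service logon credentials over WMI, one server at a time.
# Assumed values: server names, service names, CIM/WinRM reachability.
param(
    [string[]]$Servers  = @('SQL-EXAMPLE-01', 'SQL-EXAMPLE-02'),   # placeholders
    [string[]]$Services = @('MSSQLSERVER', 'SQLSERVERAGENT')       # default instance
)

# Prompt for the account and password so neither is stored in the script.
$cred  = Get-Credential -Message 'Service account (DOMAIN\user) and new password'
$plain = $cred.GetNetworkCredential().Password

$report = foreach ($server in $Servers) {
    foreach ($name in $Services) {
        $row = [ordered]@{ Server = $server; Service = $name; Result = $null
                           State = $null; RestartPending = $false }
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $server `
                       -Filter "Name='$name'" -ErrorAction Stop
            if (-not $svc) { throw 'service not found' }

            # Win32_Service.Change updates only the arguments supplied here.
            $rc = (Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
                       StartName = $cred.UserName; StartPassword = $plain
                   } -ErrorAction Stop).ReturnValue
            if ($rc -ne 0) { throw "Win32_Service.Change returned $rc" }

            $row.Result = 'updated'
            $row.State  = $svc.State
            # A running service keeps its existing logon session until restarted.
            $row.RestartPending = ($svc.State -eq 'Running')
        }
        catch {
            $row.Result = "failed: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

$plain = $null
$report | Format-Table -AutoSize
# Servers still to be restarted in their own maintenance windows:
$report | Where-Object RestartPending | Select-Object -ExpandProperty Server -Unique
```

When `StartName` is a new account rather than the same account with a new password, that account must already hold the "Log on as a service" right and the SQL Server file and registry permissions, which this call does not grant.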
