This is one that I’ve been wanting to address for a while and I finally decided to sit down and just do it. If you’ve had your environment in place long enough to have to change the passwords you know that you can change most of the passwords using the out of the box STSADM commands – many refer to this support article from Microsoft on how to do this: http://support.microsoft.com/kb/934838.
Because there’s so many accounts to change and so many places to visit this is definitely one of those things you want to have scripted (just be careful where you store your script). If you look at the article though you’ll notice that it doesn’t address updating the user profile import account and it mentions that you have to manually change the default content access account. I already have a command to change the user profile import account but I didn’t have anything for changing the default content access account and having scripts with manual steps just kind of defeats the purpose in my opinion. So, I created a new command which I called gl-updatedefaultcontentaccessaccount.
Setting the default content access account through code is real easy – you just call the SetDefaultGatheringAccount method of an instance of the Content class which can be obtained by calling the static GetContext method from the SearchContext object:
1/// <summary>
2/// Updates the account.
3/// </summary>
4/// <param name="sspName">Name of the SSP.</param>
5/// <param name="user">The user.</param>
6/// <param name="pwd">The PWD.</param>
7public static void UpdateAccount(string sspName, string user, string pwd)
8{
9 ServerContext context;
10 if (string.IsNullOrEmpty(sspName))
11 context = ServerContext.Default;
12 else
13 context = ServerContext.GetContext(sspName);
14
15 SearchContext parent = SearchContext.GetContext(context);
16
17 Content content = new Content(parent);
18 try
19 {
20 content.SetDefaultGatheringAccount(user, Utilities.CreateSecureString(pwd));
21 }
22 catch (RemotingException)
23 {
24 throw new Exception("Invalid login.");
25 }
26 catch (COMException)
27 {
28 throw new Exception("Invalid login.");
29 }
30}
The help for the command is shown below:
C:\>stsadm -help gl-updatedefaultcontentaccessaccount
stsadm -o gl-updatedefaultcontentaccessaccount
Sets the account to use as the default account when crawling content. This account must have read access to the content being crawled. To avoid crawling unpublished versions of documents, ensure that this account is not an administrator on the target server.
Parameters:
[-ssp <SSP name>]
-username <DOMAIN\name>
-password <password>
The following table summarizes the command and its various parameters:
| Command Name | Availability | Build Date |
|---|---|---|
| gl-updatedefaultcontentaccessaccount | MOSS 2007 | Released: 8/15/2008 |
| Parameter Name | Short Form | Required | Description | Example Usage |
|---|---|---|---|---|
| ssp | No | The SSP that the account is associated with. If omitted then the default SSP is used. | -ssp SSP1 | |
| username | u | Yes | The username of the account to use. The account must have read access to the content being crawled. To avoid crawling unpublished versions of documents, ensure that the account is not an administrator on the target server. | -username "domain\sspcontent", -u "domain\sspcontent" |
| password | pwd | Yes | The password associated with the specified username. | -password "pa$$w0rd", -pwd "pa$$w0rd" |
The following is an example of how to set the default content access account:
stsadm -o gl-updatedefaultcontentaccessaccount -username "domain\sspcontent" -password "pa$$w0rd"
I’ll follow up this post with a sample password change script that I use which includes this command.