Updatefarmcredentials: Stsadm operation (Office SharePoint Server)

Updated: June 14, 2007

Applies To: Office SharePoint Server 2007


Operation name: Updatefarmcredentials

Updates the Web application pool for the SharePoint Central Administration Web site and the Windows SharePoint Services Timer service (SPTimer).

Note:

The updatefarmcredentials operation must be run on the server that hosts Central Administration. To change any Web application pool account other than the one that is used by Central Administration, use the Updateaccountpassword [1] operation.

Syntax

stsadm -o updatefarmcredentials

   [-identitytype] <configurableid/NetworkService>

   [-userlogin] <domain\user name>

   [-password] <password>

   [-local]

   [-keyonly]

Parameters

identitytype
   Value: For a service account, the value is in the form "NetworkService". For a configurableid, the value is in the form Domain\user_name.
   Required?: Yes
   Description: Provides a way to change the farm account from a domain account to a service account (for example, NetworkService). It also describes the application pool account that you are using as either a built-in service account, such as NetworkService, or a configurable ID (for example, Domain\user_name). The default value is set to configurableid.

userlogin
   Value: A valid user name, such as Domain\user_name
   Required?: No
   Description: The user name that you use to log on to the account. The parameter is only required when configurableid is used.

password
   Required?: No
   Description: The password that is associated with the userlogin parameter. The parameter is only required when configurableid is used.

local
   Value: <none>
   Required?: No
   Description: Performs the following functions:

     • Updates the local server.

     • Does not start a timer job.

     • Does not update the database.

   The local parameter is to be used in situations where the local server failed to update for any reason.

   In addition, the local parameter applies fixes to the local computer only, updating the administration application pool and linked services (for example, SPTimer), and the credential master registry key.

keyonly
   Value: <none>
   Required?: No
   Description: Sets the credential master registry key on the local server, but does not provision the new account (that is, change the actual application pool account).
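
The parameter rules above can be checked before stsadm is invoked. The following wrapper is an added example, not part of the original documentation or of the product; the function name Invoke-UpdateFarmCredentials, its parameter names, and the assumption that stsadm.exe is resolvable on PATH are hypothetical, and it assumes PowerShell 2.0 or later.

```powershell
# Added example (not from the original page). Function and parameter names are
# hypothetical. Assumes stsadm.exe is on PATH; pass -StsadmPath otherwise.
function Invoke-UpdateFarmCredentials {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('configurableid', 'NetworkService')]
        [string]$IdentityType,

        # Supplies -userlogin and -password; only used with configurableid.
        [System.Management.Automation.PSCredential]$Credential,

        [switch]$Local,      # maps to -local
        [switch]$KeyOnly,    # maps to -keyonly
        [string]$StsadmPath = 'stsadm.exe'
    )

    $stsadmArgs = @('-o', 'updatefarmcredentials', '-identitytype', $IdentityType)

    if ($IdentityType -eq 'configurableid') {
        if (-not $Credential) {
            # Prompt interactively so the password is not typed into a script
            # file or left in the shell history.
            $Credential = Get-Credential
        }
        # The page gives the user name form as Domain\user_name.
        if ($Credential.UserName -notmatch '^[^\\]+\\[^\\]+$') {
            throw 'userlogin must be in the form Domain\user_name.'
        }
        $stsadmArgs += @('-userlogin', $Credential.UserName,
                         '-password', $Credential.GetNetworkCredential().Password)
    }
    elseif ($Credential) {
        # Design choice of this example: reject a credential that would be ignored.
        throw 'userlogin and password apply only when identitytype is configurableid.'
    }

    if ($Local)   { $stsadmArgs += '-local' }
    if ($KeyOnly) { $stsadmArgs += '-keyonly' }

    & $StsadmPath @stsadmArgs
    if ($LASTEXITCODE -ne 0) {
        throw "stsadm updatefarmcredentials failed with exit code $LASTEXITCODE."
    }
}

# Usage on the server that hosts Central Administration:
# Invoke-UpdateFarmCredentials -IdentityType configurableid
```

The password is still handed to stsadm as a command-line argument, because that is where the documented syntax takes it; the wrapper only keeps it out of saved scripts and command history.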

See Also

Links Table
[1] http://technet.microsoft.com/en-us/library/cc262549.aspx
[2] http://technet.microsoft.com/en-us/library/cc263417.aspx
[3] http://support.microsoft.com/kb/934838
[4] http://go.microsoft.com/fwlink/?LinkId=91709&clcid=0x409
Community Content
Updatefarmcredentials in a single-server WSS deployment - what is the right way?
Identitytype possible values are: "NetworkService" or "ConfigurableID"
Changing the farmcredentials in a single-server WSS installation from NetworkService to ConfigurableID returns an error although all the changes seem to be performed properly. The error can be avoided using the -local option of the updatefarmcredentials command, but I don't know what the implications of this are. However, access to central admin is then not allowed with the newly configured account (WSS_FARM). Access to CentralAdmin is allowed with any other account previously added to the Farm Admin group.

Why change the farm credentials in a single-server install? To configure incoming email, which requires delegating control of an AD OU to the farm account, which then needs to be a domain account in the same domain as the Exchange server, as opposed to the NetworkService account configured by default at install time.

What is the better way of doing this?