Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Windows Server TechCenter
Click to Rate and Give Feedback
TechNet
TechNet Library
Windows Server
Operations
 Modify the Service Account Used by ...
Modify the Service Account Used by an AD LDS Instance

Updated: August 8, 2008

Applies To: Windows Server 2008

You can use the Dsbutil general Active Directory Lightweight Directory Services (AD LDS) management tool to modify service accounts that are used by the AD LDS instances that are installed on your computer.

Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To modify the service account used by an AD LDS instance

  1. Open a Command Prompt. To open the command prompt, click Start, click Run, and then type cmd.

  2. At the command prompt, type the following command, and then press ENTER:

    net stop <instancename>

    Where <instancename> represents the service name of the AD LDS instance for which you want to change the service account.

  3. At the command prompt, type the following command, and then press ENTER:

    dsdbutil

  4. At the dsdbutil: prompt, type the following command, and then press ENTER:

    activate instance <instancename>

    Where <instancename> represents the service name of the AD LDS instance for which you want to change the service account.

  5. At the dsdbutil: prompt, type the following command, and then press ENTER:

    change service account <accountname> <password>

    Where <accountname> <password> represents the account name and password of the account to be used as the AD LDS service account.

  6. To exit dsdbutil, at the dsdbutil: prompt, type the following command, and then press ENTER:

    quit

  7. To restart the AD LDS instance, at the command prompt, type the following command, and then press ENTER:

    net start <instancename>

Additional considerations

  • When you specify a workstation or domain user account as the service account, the specified account must possess the Log on as a service right. For more information about how to assign the Log on as a service right to an account, see Add the Log on as a service right to an account.

  • The service account that you select must have permission to read and write the AD LDS data and log files in %ProgramFiles%\Microsoft AD LDS\instancename.

  • The service account that you have selected may depend on whether the AD LDS instance participates in a configuration set. It may also depend on the replication security level. For more information, see Administering AD LDS Replication, Sites, and Configuration Sets.

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2012 Microsoft. All rights reserved. Terms of Use | Trademarks | Privacy Statement
Page view tracker