Change the Cluster service account password
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To change the Cluster service account password
Log on to a computer in the domain. The account you use to log in must belong to the local administrative group on all the cluster nodes.
Important
To be able to change the Cluster service account password, you must have appropriate security administrative rights and permissions to be able to traverse directories in the cluster domain even if you do not have user rights on the traversed directory (Bypass traverse checking). By default, this user right is enabled for all users, but some administrators may disable it for everyone.
For more information, see "Bypass traverse checking" in Related Topics.
For multiple clusters that use the same Cluster service account, it is highly recommended that you change the password for all the clusters at the same time.
You can only use this procedure to change the Cluster service account if applications (for example, Microsoft SQL Server 2000) do not use the same account as the Cluster service account. If you use this procedure on a server cluster where the Cluster service and one or more applications use the same account, your cluster applications may not function correctly. To resolve this problem, change the application account password (see your application's documentation for details).
Open Command Prompt
Type the following command, using the table below as a guide:
cluster/cluster:cluster_name1[,cluster_name2, ...] /changepass[word][:new_password[,old_password]] [/skipdc] [/force] [**/**options]
For more information on the other optional password change cluster.exe commands, see "Cluster" in Related Topics.
Argument Description /cluster:cluster_name1[,cluster_name2, ...]
Identifies the cluster(s) for the account password change. If multiple clusters are specified in one operation, they must all use the same Cluster service account. If some nodes are unavailable, the account password is not changed on any of the nodes nor on the domain controller.
/changepass[word][:new_password[,old_password]]
Changes the Cluster service account password on the domain controller and all the cluster nodes from old_password to new_password. If not supplied as part of the command, you will be prompted to provide the new_password and/or the old_password. You can specify a blank password by supplying two double quotes ("").
/skipdc
Changes the Cluster service account password only on the cluster nodes. You can use this command if you previously issued a cluster /changepass command for multiple clusters and the Cluster service account password was not updated on all the clusters, for whatever reason. If you use this argument, you do not have to supply the old_password parameter.
/force
Forces the execution of the password change command on the available nodes in the cluster even if some of the cluster nodes are not available.
Important
- Any node that is down when the password is changed will be unable to later join the cluster until the Cluster service account password for that node is updated manually using Computer Management.
For the first example, to change the password for clusters CLUS1 and CLUS2 from B2PartTwo! to WordTestPassPartOne! on the domain controller and on all cluster nodes, type:
cluster /cluster:CLUS1,CLUS2 /changepass:WordTestPassPartOne!, B2PartTwo!
For the second example, if 2 of the nodes in cluster CLUS1 were down, you could force this password change on the domain controller and on all available cluster nodes in CLUS1 by typing:
cluster /cluster:CLUS1 /changepass:WordTestPassPartOne!, B2PartTwo! /force
- Any node that is down when the password is changed will be unable to later join the cluster until the Cluster service account password for that node is updated manually using Computer Management.
Notes
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.
To view the complete syntax for this command, at a command prompt, type:
cluster /changepass /?
If you do not use the /force command in a cluster where some of the nodes are unavailable, the Cluster service password for any available cluster nodes or the domain controller will not be updated.
You cannot use this method to change the Cluster service account password if some nodes in the cluster are running Windows NT or Windows 2000, while others are running Windows Server 2003 family operating systems.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
See Also
Concepts
Cluster
Reset a user password
Domain accounts and the Cluster service
Bypass traverse checking