Change passwords for profile import (Office SharePoint Server)
Updated: April 19, 2007
Applies To: Office SharePoint Server 2007
Use this procedure to change the password for the default access account that is used for profile import. If the account password expires and the password is not changed, user profile information cannot be imported into Profile Services from the Active Directory directory service. This might lead to user information being inaccurate. For more information about Profile Services, see Plan for people and user profiles.
This procedure can be performed only after the password has been changed on the domain controller. The credentials entered are checked against those on the domain controller. If you enter the new password before the password has been changed on the domain controller, an error will result and the profile import settings will not be changed.
This procedure needs to be run only on the server that is running the SharePoint Central Administration Web site.
Membership in the Farm Administrators group (WSS_RESTRICTED_WPG Windows security group), or equivalent, is required to complete this procedure.
Change the password for the profile import account
In the Central Administration Web site, on the left navigation bar, under Shared Services Administration, click the SSP you want to configure.
On the home page of the Shared Services Administration Web site, under User Profiles and My Sites, click User profiles and properties.
On the User Profiles and Properties page, click Configure profile import.
On the Configure Profile Import page, under Default Access Account, type the new password in the Password and Confirm password boxes.
Click OK to save the changes.
About the default access account
Each Shared Services Provider (SSP) has an account that is used for profile import, which is called the default access account. This account must be a domain account that has read access to the directory source. The directory source can be Active Directory, a Lightweight Directory Access Protocol (LDAP) directory, a Business Data Catalog application, or other directory source.
For an Active Directory connection that enables "Server Side Incremental," the account must have the Replicate Changes permission for Active Directory provided by Microsoft Windows 2000 Server. Contact the domain administrator to request the appropriate security changes. That permission is not required for Active Directory in Microsoft Windows Server 2003.
If no account is specified, the default content access account is used. If the default content access account does not have read access to the directory or directories that you want to import data from, you must use a different account. For more information, see Plan for administrative and service accounts (Office SharePoint Server).