November 11, 2019 at 4:28 pm
Good day all.
We have been requested to change our SQL Server Engine/Agent accounts on over 250+ SQL Servers (currently using an AD account). Is there script to do this? Has anyone seen/done anything like this before (and if so how)? Based on everything I read, SQL Configuration Manager is really the "right" way to do this (for which I get). Just would prefer to not have to log in to 250+ servers in a tight time window to complete this.
And I do understand that we could just change the password, but unfortunately people above me with little knowledge of what they are doing have mandated this request. 🙂
Thanks.
November 11, 2019 at 4:33 pm
Mmmm... non-techies taking technical decisions? Time to move on to somewhere where you get a bit more autonomy!
I think you're going to need to bite the bullet and log in to each server and change in SSCM. Before you do, you may want to check out dbatools, to see whether there's a PowerShell script that could save you a lot of effort. Please tell me you're not using the same account for all the servers?
John
November 11, 2019 at 4:50 pm
Thank John. Will check it out.
And yes, unfortunately, within the same domain we are using the same account. I brought this up on nearly my first day with this company (three years ago) and they just shrugged. Since I have no control/rights to create new accounts, this is something that is out of my control. But I rest easy that I brought to their attention. 🙂
Thanks.
November 11, 2019 at 4:54 pm
You should try again. Just because you don't create the account(s), it doesn't mean you can't insist on a different one for each server. If security on just one server is compromised, an attacker will have access not only to all the other servers, but to all external resources that any of the others have access to.
John
November 12, 2019 at 9:28 pm
https://docs.dbatools.io/#Update-DbaServiceAccount or if you want write your own piece of code https://devblogs.microsoft.com/scripting/use-powershell-to-change-sql-server-service-accounts/
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply