Automatic Password Change and Managed Accounts
Last modified: April 07, 2010
Applies to: SharePoint Foundation 2010
The new automatic password change feature in Microsoft SharePoint Foundation enables you to update and deploy passwords without having to perform manual password update tasks across multiple accounts, services, and Web applications. This makes managing password in SharePoint Foundation simpler. You can use the automatic password change feature to determine whether a password is about to expire and to reset the password by using a long, cryptographically strong random string.
You use managed accounts to implement the automatic password change feature. Managed accounts in SharePoint Foundation improve security and ensure application isolation. With managed accounts, you can:
Configure the automatic password change feature to deploy passwords across all services in the farm.
Configure SharePoint Web applications and services, that are running on application servers in a SharePoint farm, to use different domain accounts.
Map managed accounts to various services and Web applications in the farm.
Create multiple accounts in Active Directory Domain Services (AD DS), and then register each of these accounts in SharePoint Foundation.
You can also register managed accounts and enable SharePoint Foundation to control account passwords. Users have to be notified about planned password changes and related service interruptions, but the accounts used by a SharePoint farm, Web applications, and various services can be automatically reset and deployed within the farm as necessary, based on individually configured password reset schedules.
Operations that you can use the SPManagedAccount class to perform include:
Set a password change schedule
Propagate password change
Find out when a password was last changed
Enforce minimum length for password
For more information about the managed account API, see the following links: