MOSS MVP

I've moved my blog to http://blog.falchionconsulting.com!. Please update your links. This blog is no longer in use--you can find all posts and comments at my new blog; I will no longer be posting to this site and comments have been disabled.

Saturday, August 16, 2008

Updating the Default Content Access Account via STSADM

This is one that I've been wanting to address for a while and I finally decided to sit down and just do it.  If you've had your environment in place long enough to have to change the passwords you know that you can change most of the passwords using the out of the box STSADM commands - many refer to this support article from Microsoft on how to do this: http://support.microsoft.com/kb/934838.

Because there's so many accounts to change and so many places to visit this is definitely one of those things you want to have scripted (just be careful where you store your script).  If you look at the article though you'll notice that it doesn't address updating the user profile import account and it mentions that you have to manually change the default content access account.  I already have a command to change the user profile import account but I didn't have anything for changing the default content access account and having scripts with manual steps just kind of defeats the purpose in my opinion.  So, I created a new command which I called gl-updatedefaultcontentaccessaccount.

Setting the default content access account through code is real easy - you just call the SetDefaultGatheringAccount method of an instance of the Content class which can be obtained by calling the static GetContext method from the SearchContext object:

   1: /// <summary>
   2: /// Updates the account.
   3: /// </summary>
   4: /// <param name="sspName">Name of the SSP.</param>
   5: /// <param name="user">The user.</param>
   6: /// <param name="pwd">The PWD.</param>
   7: public static void UpdateAccount(string sspName, string user, string pwd)
   8: {
   9:     ServerContext context;
  10:     if (string.IsNullOrEmpty(sspName))
  11:         context = ServerContext.Default;
  12:     else
  13:         context = ServerContext.GetContext(sspName);
  14:  
  15:     SearchContext parent = SearchContext.GetContext(context);
  16:    
  17:     Content content = new Content(parent);
  18:     try
  19:     {
  20:         content.SetDefaultGatheringAccount(user, Utilities.CreateSecureString(pwd));
  21:     }
  22:     catch (RemotingException)
  23:     {
  24:         throw new Exception("Invalid login.");
  25:     }
  26:     catch (COMException)
  27:     {
  28:         throw new Exception("Invalid login.");
  29:     }
  30: }

The help for the command is shown below:

C:\>stsadm -help gl-updatedefaultcontentaccessaccount

stsadm -o gl-updatedefaultcontentaccessaccount


Sets the account to use as the default account when crawling content.  This account must have read access to the content being crawled. To avoid crawling unpublished versions of documents, ensure that this account is not an administrator on the target server.

Parameters:
        [-ssp <SSP name>]
        -username <DOMAIN\name>
        -password <password>

The following table summarizes the command and its various parameters:

Command Name Availability Build Date
gl-updatedefaultcontentaccessaccount MOSS 2007 Released: 8/15/2008

Parameter Name Short Form Required Description Example Usage
ssp   No The SSP that the account is associated with.  If omitted then the default SSP is used. -ssp SSP1
username u Yes The username of the account to use.  The account must have read access to the content being crawled.  To avoid crawling unpublished versions of documents, ensure that the account is not an administrator on the target server. -username "domain\sspcontent"

-u "domain\sspcontent"
password pwd Yes The password associated with the specified username. -password "pa$$w0rd"

-pwd "pa$$w0rd"

The following is an example of how to set the default content access account:

stsadm -o gl-updatedefaultcontentaccessaccount -username "domain\sspcontent" -password "pa$$w0rd"

I'll follow up this post with a sample password change script that I use which includes this command.

No comments: