This past week I presented at the local Colorado Springs SharePoint User Group meeting on using and customizing STSADM. The talk was really less about STSADM and more about SharePoint administration tips, tricks, and best practices - but we did create a new STSADM command from scratch during the meeting. I've taken what we did during the meeting and reworked it to add proper validation and help documentation and have included it in my download as gl-updateapppoolaccount.
The purpose of the command is to change out the identity of the application pool associated with a specific web site. I thought this might be a good one to demo creating because I noticed that there was no existing command to do this (there's a command to change the password, but not change the account) and I recently ran into a situation where it would be beneficial. As a consultant I often come into environments where the clients MOSS implementation may not have been deployed in the most ideal way. My current client had all three of their MOSS environments (production, test, and development) using the same service accounts. I wanted to be able to work with IT to set each environment to run under their own accounts but I typically prefer to give IT a script that they can run so that they don't have to try and figure out how to do this via Central Admin (in this case the IT staff was not yet trained on SharePoint and timelines didn't allow me to wait for them to be trained). By using a script I could let the IT staff create the new accounts and update SharePoint without having to have them tell me what the passwords were.
The code to update the accounts is really quite simple - all we do is get an SPApplicationPool object via the ApplicationPool property of an SPWebApplication object. We then update the Username and Password properties and then call Update and finally Deploy (which is a member of the SPProcessIdentity class of which the SPApplicationPool class inherits from. Update saves the changes to the configuration database and Deploy will push those changes to each of your web servers.
The help for the command is shown below:
C:\>stsadm -help gl-updateapppoolaccount stsadm -o gl-updateapppoolaccount Updates the user account information for the application pool associated with the given URL. Parameters: -url <web application url> [-userlogin <DOMAIN\user>] [-password <password>] [-type <localservice | networkservice | specificuser> (defaults to specificuser)]
The following table summarizes the command and its various parameters:
|Command Name||Availability||Build Date|
|gl-updateapppoolaccount||WSS v3, MOSS 2007||Released: 10/12/2008
|Parameter Name||Short Form||Required||Description||Example Usage|
|url||Yes||The URL of a web application associated with the application pool whose identity is to be changed. Note that this will not create a new application pool - any other web applications using this same application pool will also be affected.||-url http://portal|
|userlogin||u||No, unless type is specificuser||The user account to set as the identity of the application pool.||-userlogin "domain\user"
|password||pwd||No, Unless type is specificuser||The password associated with the specified user account.||-password "pa$$w0rd"
|type||t||No||Either localservice, networkservice, or specificuser. Defaults to specificuser if not specified.||-type specificuser
The following is an example of how to set the user account for the portal web application:
stsadm -o gl-updateapppoolaccount -url http://portal -userlogin spdev\spportalapppool -password pa$$w0rd