Creating a service account for IISADMPWD Replacement

  1. Home
  2. Knowledge Base
  3. IISADMPWD Replacement
  4. Creating a service account for IISADMPWD Replacement

With the advent of the two Microsoft Windows Updates:

https://support.microsoft.com/en-us/kb/3177108
https://support.microsoft.com/en-us/kb/3167679

Web Active Directory recommends that you create a service account in your Active Directory domain dedicated to creating new accounts for IISADMPWD Replacement.  IISADMPWD Replacement can use the service account to bind to your Active Directory to perform password changes.

By default accounts in Active Directory have the permissions to change passwords, please see:

http://webactivedirectory.com/knowledge-base/permissions-service-account-needs-reset-change-ad-passwords-unlock-ad-accounts/

When telling IISADMPWD Replacement to make use of this service account, please use the full userPrincipalName of the service account.  (See the following screenshot where “rbjdev@rad.local”, the full UPN, is used):

IISADMPWD Replacement Service Account

 

As of the time of this writing, use of such a service account can avoid these kinds of errors introduced by Windows Updates:

http://webactivedirectory.com/knowledge-base/error-message-trying-change-password-exception-hresult-0x800704f1/

Was this article helpful?

Related Articles

Sign in
classic
Forgot password?
×
Sign up

(*) Required fields

I agree with OptimaSales Terms & Privacy Policy

×