  • RELIABLE iterative search-and-update of password for service account used in IIS:\\SITES

    Aug 23, 2019 08:03 AM|tmsatgmail


    Has anybody out there found an effective and reliable solution that can refresh any instance of a service account's password and confirm successful update of ALL matching physical paths, virtual directory defaults etc.?

    Because I've been trying for days to build one that'll actually work properly, without any success.

    A behemoth of an application which I shan't name has configured a gazillion websites, app pools, virtual directories, COM+ objects, DCOM objects, Scheduled Tasks, and more to all use the same AD service account. This means that every time the service account's password is updated, every single instance of the password has to be updated manually - and it can take a DAY to do that.

    I have built an automation script that will hunt down affected scheduled tasks, COM+, DCOM and IIS:\AppPools processmodel entries, which works nicely.

    But the result from doing something similar inside IIS:\Sites is just too unreliable and inconsistent.

    For example, VirtualDirectoryDefaults.LogonMethod ALWAYS returns the correct value, even if VirtualDirectoryDefaults.UserName doesn't. I'm currently looking at four sites which resolutely tell me UserName is empty when I can see that service account is configured in the UI.

    Obviously, I can't release the automation script if it updates everything correctly EXCEPT the IIS virtual directory default credentials, physical path credentials etc. This is literally the only thing I cannot get working.

    Thanks in advance!


    I have already forensically tested just about every permutation of the standard approaches that you can possibly think of - Get-WebVirtualDirectory with Set-WebConfigurationProperty (VirtualDirectoryDefaults logic is per standard code samples). These are the methods that I'm getting inconsistent results from.

    What I'm looking for is a wrapper function with some validation, i.e. it actually confirms that the username did match the search argument, the old password was different to the new password, the new password was saved successfully etc.
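
An added example, not part of the original post: one way to build the validating wrapper the post asks for, using the Microsoft.Web.Administration `ServerManager` API instead of the WebAdministration cmdlets the poster tested. The function names and report fields are hypothetical. It assumes an elevated session on the IIS host, that the user name is matched exactly as stored in configuration, and that `IsInheritedFromDefaultValue` separates locally stored credentials from ones shown through a defaults element.

```powershell
# Added example, not the poster's script. Run elevated on the IIS host.
Add-Type -Path "$env:windir\System32\inetsrv\Microsoft.Web.Administration.dll"

function Get-IisCredentialHolder {   # hypothetical helper name
    param($Manager)
    # Emit every element under <sites> that can carry userName/password, with a stable key.
    [pscustomobject]@{ Key = 'server defaults'; Element = $Manager.VirtualDirectoryDefaults }
    foreach ($site in $Manager.Sites) {
        [pscustomobject]@{ Key = "$($site.Name) [site defaults]"; Element = $site.VirtualDirectoryDefaults }
        foreach ($app in $site.Applications) {
            [pscustomobject]@{ Key = "$($site.Name)$($app.Path) [app defaults]"; Element = $app.VirtualDirectoryDefaults }
            foreach ($vdir in $app.VirtualDirectories) {
                [pscustomobject]@{ Key = "$($site.Name)$($app.Path) vdir $($vdir.Path)"; Element = $vdir }
            }
        }
    }
}

function Update-IisSitePassword {   # hypothetical wrapper name
    param([Parameter(Mandatory)][pscredential]$Credential)
    $new = $Credential.GetNetworkCredential().Password
    $isTarget = {
        param($h)
        # Assumption: only elements that store the account themselves, not an inherited default.
        $h.Element.UserName -ieq $Credential.UserName -and
            -not $h.Element.GetAttribute('userName').IsInheritedFromDefaultValue
    }
    $report = @{}
    $mgr = New-Object Microsoft.Web.Administration.ServerManager
    try {
        foreach ($h in Get-IisCredentialHolder $mgr | Where-Object { & $isTarget $_ }) {
            $report[$h.Key] = [pscustomobject]@{
                Location = $h.Key; PasswordChanged = ($h.Element.Password -cne $new); Verified = $false }
            $h.Element.Password = $new
        }
        if ($report.Count) { $mgr.CommitChanges() }
    } finally { $mgr.Dispose() }

    # Re-read with a fresh ServerManager to confirm what was actually saved.
    $check = New-Object Microsoft.Web.Administration.ServerManager
    try {
        foreach ($h in Get-IisCredentialHolder $check | Where-Object { & $isTarget $_ }) {
            if ($report.ContainsKey($h.Key)) { $report[$h.Key].Verified = ($h.Element.Password -ceq $new) }
        }
    } finally { $check.Dispose() }
    $report.Values | Sort-Object Location
}
```

Calling `Update-IisSitePassword -Credential (Get-Credential)` keeps the new password out of the command line and history; the returned rows contain only locations and booleans, so the report can be logged without exposing the secret.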