Changing the MOM 2005 Action Account and DAS Account
Action Account
To change the Management Server action account that was configured by MOM Management Server Installation, You need to use a command line tool - SetActionAccount.exe to view and modify the action account on the Management Server of the existing MOM deployment.
*The Management Server's Action account is used to gather information about, and run responses on, the Management Server and can be used for installing and uninstalling agents on remote computers and updating settings on agents. The agent's action account is used to gather information about, and run responses on, the managed computer. Several MOM processes run under the action account, including the processes that host MOM response scripts and managed code responses. The main purpose of the action account is to control the permissions and security for these processes, and the scripts and assemblies that they execute.
To view the existing action account:
SetActionAccount.exe ManagementGroupName -query
To Change the existing action account:
SetActionAccount.exe -set DomainName UserName
DAS Account
Sometimes, you may need to change the password of the existing DAS Account to meet the company's password policy.
To update the DAS Account Password:
|
1. |
Change the accounts password on the local computer or the domain. If this is a local account you can do this using the Local Users and Groups snap-in. If this is a domain account, you can use the Active Directory Users and Computers snap-in. |
|
2. |
Update the password for the Identity for the Microsoft Operations Manager Data Access Server COM+ application. You can do this in the Component Services snap-in. And then stop the MOM service if needed*. |
|
3. |
Stop the COM+ application and then restart the MOM service and COM+ application. |
* If you are changing the Management Server Action Account and the DAS account at the same time, you must change the Action Account first, then the DAS account, and then stop the MOM Service before stopping the COM+ application. Starting the MOM Service will also start the COM+ application.
If the MOM Service will not start, it might be because the DAS account has not been changed properly or the password has expired.
To change the DAS Account:
You can change which account MOM uses for the Data Access Service (DAS) functionality. If the Management Server and MOM Database are installed on different computers, the account used for the DAS can be a domain user account. If the Management Server and MOM Database are installed on the same computer, the DAS account can be the LocalService account. The account with at least the following properties:
| • |
Member of the MOM Users group on the Management Server. |
| • |
A SQL Server Logon with "Permit" server access and "db_owner" (DBO) access to the OnePoint database on the MOM Database Server. |
| • |
A SQL Server Security Login with "Permit" server access. |
| • |
The DAS account must also be a member of the SC DW DTS security groups on the MOM Reporting Server and MOM Database Server, if MMPC is installed using the DAS account. |