Question

Spiff44 on Fri, 24 Apr 2020 15:46:40



Hello  (EDITED ORGINAL MSG WITH MORE ACCURATE INFO)

They're Windows service accounts for IBM Workload Scheduler.  Right now we have to log into every windows box and update each service.  The problem is that the plan/database is likely to crash when things are out of sync.  So we're looking for a way to do this on 100+ boxes within 15 minutes to minimize this possibility.   We have no normal maintenance window that this can be done in.  Historically this was done only done during an upgrade, the last being quite a while back, so a password change is long overdue in the environment.  But we don't want to keep waiting for the next patch to have this done.

And then there would be the issue of how to test something like this since as far as I know there is no way to replicate such a mass change in a lab environment.  I mean you can try to scale up metrics from a small subset of machines but there isn't a way to know how the network would react once you tried to do the real deal.

Any help and suggestions will be greatly appreciated.

Spiff



Replies

Tom Phillips on Fri, 24 Apr 2020 17:13:39


You said "SQL password changes", then said "AD accounts".  Passwords for AD accounts are not stored on the SQL Server.   AD password changes are controlled by the Domain controller.

Are you asking about SQL logins or AD logins to SQL Server?

Spiff44 on Fri, 24 Apr 2020 21:06:28


Actually I was way off, sorry.  I was being tasked with finding this solution without being directly involved.  They are not SQL servers at all..

They're Windows service accounts for IBM Workload Scheduler.  Right now we have to log into every windows box and update each service.  The problem is that the plan/database is likely to crash when things are out of sync.  So we're looking for a way to do this on 100+ boxes within 15 minutes to minimize this possibility.   We have no normal maintenance window that this can be done in.  Historically this was only done during an upgrade, the last being quite a while back, so a password change is long overdue in the environment.  But we don't want to keep waiting for the next patch to have this done.

And then there would be the issue of how to test something like this since as far as I know there is no way to replicate such a mass change in a lab environment.  I mean you can try to scale up performance metrics from a small subset of machines but there isn't a way to know how the network would react once you tried to do the real deal.

Any help and suggestions will be greatly appreciated.



MIAOYUXI on Mon, 27 Apr 2020 03:28:40


Hi Spiff44,

I have no experience about IBM Workload Scheduler, so can not give more useful tips for you.

You can get more helpful replies in IBM_forums.

Best Regards.

yuxi


Tom Phillips on Mon, 27 Apr 2020 12:28:01


It sounds like you are talking about Windows Service accounts.

You can use something like this:

https://gallery.technet.microsoft.com/scriptcenter/79644be9-b5e1-4d9e-9cb5-eab1ad866eaf

https://mcpmag.com/articles/2015/01/22/password-for-a-service-account-in-powershell.aspx

Spiff44 on Mon, 27 Apr 2020 15:13:48


Thanks everyone.  That was our thought as well, that something as lightweight as possible might be the way to go.  Something like Powershell.

MIAOYUXI on Tue, 28 Apr 2020 01:01:25


Hi Spiff44,

Is the reply helpful?

Best Regards.

yuxi