ADFS services account password reset

Aamir Masthan 41 Reputation points
2020-03-27T16:39:59.013+00:00

Hello All,

We are planning to reset the password of the service account which is configured to ADFS services.
Should we just reset the password and update it on ADFS services, or should we do anything else apart from that,
and what else should we take care of?

Thanks

Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2020-03-27T17:08:50.737+00:00

    Hello @Aamir Masthan ,

    Yes, you can do that. But just to be on the safer side, I would suggest you take a backup of your ADFS server individually using the ADFS Rapid Restore tool. Changing and updating the ADFS service account password would not cause any issue as far as my experience goes; however, just to be on the safer side, I would suggest taking a backup so that you can restore it in case you need to migrate the service to a new server due to any mishap. During restore you can set a new service account as needed, because the restore procedure backs up the configuration and sets up the permissions on the new service account provided by you again rather than using the old service account.

    Hope the above clarifies your query. In case the information provided in this answer helps you, please do accept it as the answer so that it helps other community members searching for similar solutions. In case of any further query, feel free to ask and we will be happy to help.

    Thank you.


  2. Pavon, Raymundo 0 Reputation points
    2023-12-11T21:30:50.48+00:00

    Hi, I changed our ADFS service account password and it broke ADFS. I fixed it by reverting back to the old password, but this is the error I was getting after I changed to the new password.

    Why was it unable to reload the change to the configuration? The service account was a domain admin during ADFS install as a requirement. But after the install we removed it from the domain admin group, no problem. I wonder if the account has to be a domain admin again to be able to reload the change to the configuration? Or what would cause the event below? TIA

    Log Name:      AD FS/Admin
    Source:        AD FS
    Date:          12/11/2023 11:15:34 AM
    Event ID:      221
    Task Category: None
    Level:         Error
    Keywords:      AD FS
    User:          JENNER\SWERVICE ACCOUNT
    Computer:      SERVER NAME
    Description:
    A change to the token service configuration was detected, but there was an error reloading the changes to configuration. 
    
    Additional Data 
    Error:  
    The user name or password is incorrect.
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="AD FS" Guid="{2ffb687a-1571-4ace-8550-47ab5ccae2bc}" />
        <EventID>221</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000001</Keywords>
        <TimeCreated SystemTime="2023-12-11T17:15:34.3130081Z" />
        <EventRecordID>460240</EventRecordID>
        <Correlation />
        <Execution ProcessID="5692" ThreadID="5476" />
        <Channel>AD FS/Admin</Channel>
        <Computer>SERVER NAME</Computer>
        <Security UserID="S-1-5-21-101271979-171342241-618671499-84394" />
      </System>
      <UserData>
        <Event xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
          <EventData>
            <Data>The user name or password is incorrect.
    </Data>
          </EventData>
        </Event>
      </UserData>
    </Event>
    
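Added example, not part of the thread and not Microsoft's code: Python that parses exported AD FS/Admin event XML in the layout posted in the second answer and flags Event ID 221 records whose error text is the logon-failure message reported there after the password change. The function names and the sample events are constructed for illustration, and the match assumes English-locale message text.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event",
      "a": "http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events"}
LOGON_FAILURE = "the user name or password is incorrect"  # assumption: English-locale text

def make_event(event_id, record_id, error):
    """Build a constructed event with the same layout as the one in the post."""
    return f"""<Event xmlns="{NS['e']}">
  <System>
    <Provider Name="AD FS" />
    <EventID>{event_id}</EventID>
    <TimeCreated SystemTime="2023-12-11T17:15:34.3130081Z" />
    <EventRecordID>{record_id}</EventRecordID>
    <Channel>AD FS/Admin</Channel>
    <Computer>SERVER NAME</Computer>
  </System>
  <UserData>
    <Event xmlns="{NS['a']}">
      <EventData><Data>{error}
</Data></EventData>
    </Event>
  </UserData>
</Event>"""

def parse_event(xml_text):
    """Extract the fields needed for triage from one exported event."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    # The payload sits under a second default namespace inside UserData.
    data = root.findall("e:UserData/a:Event/a:EventData/a:Data", NS)
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "record_id": int(system.findtext("e:EventRecordID", namespaces=NS)),
        "channel": system.findtext("e:Channel", namespaces=NS),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "errors": [(d.text or "").strip() for d in data],  # drop trailing newline
    }

def credential_reload_failures(xml_events):
    """Return Event 221 records whose error text is a logon failure."""
    hits = []
    for ev in map(parse_event, xml_events):
        if (ev["channel"] == "AD FS/Admin" and ev["event_id"] == 221
                and any(LOGON_FAILURE in e.lower() for e in ev["errors"])):
            hits.append(ev)
    return hits

# Constructed samples: one shaped like the posted event, two that must not match.
SAMPLES = [make_event(221, 460240, "The user name or password is incorrect."),
           make_event(221, 460241, "Constructed unrelated error."),
           make_event(100, 460242, "Constructed informational text.")]
```

Running `credential_reload_failures` over events exported after a service-account password change shows whether any federation server is still trying to use the old credentials.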