This script retrieves passwords for SharePoint 2010 Managed accounts. One variable is required, that is the managed account you wish to retrieve.
The script uses two steps to retrieve the password for the managed account and performs all necessary cleanup to ensure we leave the environment in the same state it was before running the script.
More details regarding the script can be found in my blog post:
How to Recover Passwords for SharePoint Managed Accounts
Download the script for a fully commented version.
#Begin Setting Script Variables
$AccountToRetrieve = "Domain\User"
#Create Functions
Function VerifyTimerJob ($Filter)
{
$Timer = Get-SPTimerJob | ? {$_.displayname -like $Filter}
If ($Timer)
{
$timer.Delete()
}
}
#Begin Script
$Farm = get-spfarm | select name
$Configdb = Get-SPDatabase | ? {$_.name -eq $Farm.Name.Tostring()}
$ManagedAccount = get-SPManagedAccount $AccountToRetrieve
$WebApplication = new-SPWebApplication -Name "Temp Web Application" -url "http://tempwebapplication" -port 80 -AuthenticationProvider (New-SPAuthenticationProvider) -DatabaseServer $Configdb.server.displayname -DatabaseName TempWebApp_DB -ApplicationPool "Password Retrieval" -ApplicationPoolAccount $ManagedAccount -hostheader "http://tempwebapplication"
$Password = cmd.exe /c $env:windir\system32\inetsrv\appcmd.exe list apppool "Password Retrieval" /text:ProcessModel.Password
Write-Host "Password for Account " $AccountToRetrieve " is " $Password
$Filter = "Unprovisioning *" + $Webapplication.Displayname + "*"
VerifyTimerJob($Filter)
Remove-SPWebApplication $WebApplication -DeleteIISSite -RemoveContentDatabases -Confirm:$False
VerifyTimerJob($Filter)
$ProvisionJobs = Get-SPTimerJob | ? {$_.displayname -like "provisioning web application*"}
if ($ProvisionJobs)
{
foreach ($ProvisionJob in $ProvisionJobs)
{
$ProvisionJob.Delete()
}
}
#Begin Setting Script Variables $AccountToRetrieve = "Domain\User" #Create Functions Function VerifyTimerJob ($Filter) { $Timer = Get-SPTimerJob | ? {$_.displayname -like $Filter} If ($Timer) { $timer.Delete() } } #Begin Script $Farm = get-spfarm | select name $Configdb = Get-SPDatabase | ? {$_.name -eq $Farm.Name.Tostring()} $ManagedAccount = get-SPManagedAccount $AccountToRetrieve $WebApplication = new-SPWebApplication -Name "Temp Web Application" -url "http://tempwebapplication" -port 80 -AuthenticationProvider (New-SPAuthenticationProvider) -DatabaseServer $Configdb.server.displayname -DatabaseName TempWebApp_DB -ApplicationPool "Password Retrieval" -ApplicationPoolAccount $ManagedAccount -hostheader "http://tempwebapplication" $Password = cmd.exe /c $env:windir\system32\inetsrv\appcmd.exe list apppool "Password Retrieval" /text:ProcessModel.Password Write-Host "Password for Account " $AccountToRetrieve " is " $Password $Filter = "Unprovisioning *" + $Webapplication.Displayname + "*" VerifyTimerJob($Filter) Remove-SPWebApplication $WebApplication -DeleteIISSite -RemoveContentDatabases -Confirm:$False VerifyTimerJob($Filter) $ProvisionJobs = Get-SPTimerJob | ? {$_.displayname -like "provisioning web application*"} if ($ProvisionJobs) { foreach ($ProvisionJob in $ProvisionJobs) { $ProvisionJob.Delete() } }