Update or Change Service Account Password using PowerShell

SharePoint 2013 SP Managed Account:-

- Service accounts are accounts in Active Directory or you local system that are used by a Service (example: running the SQL Server Agent, Running the Search Crawler).
- Managed accounts are Service Accounts in Active Directory or your local system that are managed by SharePoint (example: automatic password management).
The difference between them is that the Managed Accounts are managed by SharePoint, while a regular Service account is not managed by SharePoint.

Get-SPManagedAccount

Retrieves accounts registered in the configuration database.
Syntax:-
Get-SPManagedAccount

Set-SPManagedAccount

Configures the managed account.

There are many ways we can change or update the Service account password.
- Open the server with service account.
- press "Ctr + Alt + Del" and change the password.
- After updated the password run the below script.
or Change the password through AD Service directly.

Syntax:-
$password=ConvertTo-SecureString -String $Encrypted -AsPlainText -Force
$m = Get-SPManagedAccount -Identity "DOMAINx\UserY"
Set-SPManagedAccount -Identity $m - ExistingPassword $password -UseExistingPassword $True

Set SharePoint Custom Access Denied Page

Using Set-SPCustomLayoutsPage command you can set the custom access denied page.

Following are the steps:-

•      Log into one of the farm WFEs as a farm administrator.
•      Open Windows Explorer, and then navigate to this folder:-C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\TEMPLATE\LAYOUTS\
•      Add a subfolder to this folder, naming it CustomPages.
•      In the LAYOUTS folder copy the file AccessDenied.ASPX into the CustomPages subfolder, renaming it AccessDeniedNew.ASPX.
•      Modify AccessDeniedNew.ASPX as desired.  To add text or other HTML elements to this page, be sure to introduce them within asp:Content tags. In the example below, formatted text has been added so that it will appear just below the "Sorry, this site..." message.
•      After completing the modification on this WFE, copy the CustomPages subfolder into the LAYOUTS folder of each of the WFEs in your farm.
•     Execute the command that will update the farm configuration database to point to the new location of the AccessDenied page: 

Set-SPCustomLayoutsPage -Identity "AccessDenied" -RelativePath "/_layouts/15/custompages/AccessDeniedNew.aspx" -WebApplication "http:/mywebapplication/"

• The Access Denied page path is now updated.
• Perform the IIS Reset activities in all the servers.

List of all users alerts in SharePoint 2013

Get the site collection level users alerts:-

 Add-PSSnapin microsoft.sharepoint.powershell

 $site = Get-SPSite "http://test/sites/spalerts/"

 $alertResultsCollection = @()

 foreach ($web in $site.AllWebs) {  

     foreach ($alert in $web.Alerts){

         $alertURL = $web.URL + "/" + $alert.ListUrl

         $alertResult = New-Object PSObject

         $alertResult | Add-Member -type NoteProperty -name "List URL" -value $alertURL

         $alertResult | Add-Member -type NoteProperty -name "Alert Title" -value $alert.Title

         $alertResult | Add-Member -type NoteProperty -name "Alert Type" -value $alert.AlertType

         $alertResult | Add-Member -type NoteProperty -name "Subscribed User"-value $alert.User

         $alertResultsCollection += $alertResult

      }

  }

  $site.Dispose()

  $alertResultsCollection

  

  ## Export to CSV

  $alertResultsCollection | Export-CSV "Alerts.csv"

Nintex Workflow (401: Unauthorized).

Symptom and Cause

Nintex workflow 2013 error message while publishing the workflow:-

Error Exception calling "PublishFromNWFXml" with "4" argument(s): "The request failed with HTTP status 401: Unauthorized."

Error Log:-

Access Denied. Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)), StackTrace: 

 at Microsoft.SharePoint.Library.SPRequestInternalClass.OpenWeb(String bstrUrl, String& pbstrServerRelativeUrl, String& pbstrTitle, String& pbstrDescription, String& pbstrTitleResourceId, String& pbstrDescriptionResourceId, Guid& pguidID, DateTime& pdtTimeCreated, String& pbstrRequestAccessEmail, UInt32& pwebVersion, Guid& pguidScopeId, UInt32& pnAuthorID, UInt32& pnLanguage, UInt32& pnLocale, UInt16& pnTimeZone, Boolean& bTime24, Int16& pnCollation, UInt32& pnCollationLCID, Int16& pnCalendarType, Int16& pnAdjustHijriDays, Int16& pnAltCalendarType, Boolean& pbShowWeeks, Int16& pnFirstWeekOfYear, UInt32& pnFirstDayOfWeek, Int16& pnWorkDays, Int16& pnWorkDayStartHour, Int16& pnWorkDayEndHour, Int16& pnMeetingCount, Int32& plFlags, Boolean& bConnectedToPortal, String& pbstrPortalUrl, String& pbstrPortalName, Int32& plWebTemplateId, Int16& pnProvisionConfig, String& pbstrDefaultTheme, String& pbstrDefaultThemeCSSUrl, String& pbstrThemedCssFolderUrl, String& pbstrAlternateCSSUrl, String& pbstrCustomizedCssFileList, String& pbstrCustomJSUrl, String& pbstrAlternateHeaderUrl, String& pbstrMasterUrl, String& pbstrCustomMasterUrl, String& pbstrSiteLogoUrl, String& pbstrSiteLogoDescription, Object& pvarUser, Boolean& pvarIsAuditor, UInt64& ppermMask, Boolean& bUserIsSiteAdmin, Boolean& bHasUniquePerm, Guid& pguidUserInfoListID, Guid& pguidUniqueNavParent, Int32& plSiteFlags, DateTime& pdtLastContentChange, DateTime& pdtLastSecurityChange, String& pbstrWelcomePage, Boolean& pbOverwriteMUICultures, Boolean& pbMUIEnabled, String& pbstrAlternateMUICultures, Int32& plSiteSchemaMajorVersion, Int32& plSiteSchemaMinorVersion, Int32& plSiteSchemaBuildVersion, Int32& plSiteSchemaRevisionVersion, Int32& puiVersion, Int16& pnClientTag, Boolean& pfIsEvalSite, Guid& pgSourceSiteId, DateTime& pdtExpirationDate, Guid& pgEvalSiteId, Guid& pguidAppProductId, String& pbstrRemoteAppUrl, String& pbstrOAuthAppId, String& pbstrAppDatabaseName, Guid& pgAppDatabaseServerReferenceId, String& pbstrAppDatabaseTargetApplicationId, String& pbstrAppWebDomainId, Int32& plUpgradeFlags, DateTime& pdtReminderDate, UInt64& pmaskDeny)   

 at Microsoft.SharePoint.Library.SPRequest.OpenWeb(String bstrUrl, String& pbstrServerRelativeUrl, String& pbstrTitle, String& pbstrDescription, String& pbstrTitleResourceId, String& pbstrDescriptionResourceId, Guid& pguidID, DateTime& pdtTimeCreated, String& pbstrRequestAccessEmail, UInt32& pwebVersion, Guid& pguidScopeId, UInt32& pnAuthorID, UInt32& pnLanguage, UInt32& pnLocale, UInt16& pnTimeZone, Boolean& bTime24, Int16& pnCollation, UInt32& pnCollationLCID, Int16& pnCalendarType, Int16& pnAdjustHijriDays, Int16& pnAltCalendarType, Boolean& pbShowWeeks, Int16& pnFirstWeekOfYear, UInt32& pnFirstDayOfWeek, Int16& pnWorkDays, Int16& pnWorkDayStartHour, Int16& pnWorkDayEndHour, Int16& pnMeetingCount, Int32& plFlags, Boolean& bConnectedToPortal, String& pbstrPortalUrl, String& pbstrPortalName, Int32& plWebTemplateId, Int16& pnProvisionConfig, String& pbstrDefaultTheme, String& pbstrDefaultThemeCSSUrl, String& pbstrThemedCssFolderUrl, String& pbstrAlternateCSSUrl, String& pbstrCustomizedCssFileList, String& pbstrCustomJSUrl, String& pbstrAlternateHeaderUrl, String& pbstrMasterUrl, String& pbstrCustomMasterUrl, String& pbstrSiteLogoUrl, String& pbstrSiteLogoDescription, Object& pvarUser, Boolean& pvarIsAuditor, UInt64& ppermMask, Boolean& bUserIsSiteAdmin, Boolean& bHasUniquePerm, Guid& pguidUserInfoListID, Guid& pguidUniqueNavParent, Int32& plSiteFlags, DateTime& pdtLastContentChange, DateTime& pdtLastSecurityChange, String& pbstrWelcomePage, Boolean& pbOverwriteMUICultures, Boolean& pbMUIEnabled, String& pbstrAlternateMUICultures, Int32& plSiteSchemaMajorVersion, Int32& plSiteSchemaMinorVersion, Int32& plSiteSchemaBuildVersion, Int32& plSiteSchemaRevisionVersion, Int32& puiVersion, Int16& pnClientTag, Boolean& pfIsEvalSite, Guid& pgSourceSiteId, DateTime& pdtExpirationDate, Guid& pgEvalSiteId, Guid& pguidAppProductId, String& pbstrRemoteAppUrl, String& pbstrOAuthAppId, String& pbstrAppDatabaseName, Guid& pgAppDatabaseServerReferenceId, String& pbstrAppDatabaseTargetApplicationId, String& pbstrAppWebDomainId, Int32& plUpgradeFlags, DateTime& pdtReminderDate, UInt64& pmaskDeny).

Resolution

There are many ways to getting the above error message in Nintex workflow 2013:-

• Check the Nintex workflow content database permissions.
• Site Collection content databae have properly mapped with Nintex content database.
• Refresh the SharePoint authentication process like example: Ping Federate authentication.

Failed to start workflow. The profile for the user is a temporary profile.

Symptom and Cause

Nintex workflow 2013 is not triggered and getting error message “Failed to start workflow. The profile for the user is a temporary profile.” Nintex workflow internally working with w3wp process for the application pool (service Account).
In that case indicates that the application pool profile for the w3wp web service does not exist on servers.

Error Log:-

Nintex.Workflow.NWActionExecutionException: Failed to start workflow. ---> System.Security.Cryptography.CryptographicException: The profile for the user is a temporary profile.

at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.get_StaticDssProvHandle()

at System.Security.Cryptography.DSACryptoServiceProvider.ImportParameters(DSAParameters parameters) at System.Security.Cryptography.DSA.FromXmlString(String xmlString) at Nintex.Workflow.Licensing.License.YR4=(String Yh4=, String Yx4=, DateTime ZB4=) at Nintex.Workflow.Licensing.License..ctor()

at Nintex.Workflow.Licensing.License.Zh4=()

at Nintex.Workflow.Licensing.License.Zx4=(Boolean aB4=) at Nintex.Workflow.Licensing.License.IsLicenseValid(LicenseCheckType options, SPWeb web, String& invalidReason) at Nintex.Workflow.Activities.ReportingHeaderActivity.Execute(ActivityExecutionContext executionContext) at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext) at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)

at System.Workflow.Runtime.Scheduler.Run() -

-- End of inner exception stack trace --- (Build:3080)

Resolution

Generate a local profile (Service Account) on servers –running w3wp process for the application pool.

More Information

I've found the following blogs:-

http://toddcarter.net/post/2010/05/03/give-your-application-pool-accounts-a-profile/

See section "User Profiles" in the below blog

http://www.iis.net/learn/manage/configuring-security/application-pool-identities

Delete all SharePoint Groups for list level using PowerShell

Add-PSSnapin Microsoft.SharePoint.PowerShell -erroraction SilentlyContinue
$web = Get-SPWeb http://site-name/Inst/site
$list = $web.Lists.TryGetList("Deleted Documents")
if($list.HasUniqueRoleAssignments -eq $False)
{
$list.BreakRoleInheritance($True)
}
[Microsoft.SharePoint.SPRoleAssignmentCollection] $spRoleAssignments=$list.RoleAssignments

for([int] $a=$spRoleAssignments.Count-1; $a -ge 0;$a--)
{
$spRoleAssignments.Remove($a);
}
$web.Dispose()