Update all SharePoint 2010 service account passwords from one script

Nice to do this in one script, take note of additional steps after the script has run.

You must of course set the values between ### YOU NEED TO SET THESE and
### STOP SETTING NOW to those appropriate to your farm.

You will note that this script allows for a typical set of farm accounts
as required by a Least Privilege Service Accounts setup. You may add modify
or remove accounts as you require.

add-pssnapin microsoft.sharepoint.powershell -erroraction silentlycontinue
 
function Set-AdUserPwd
{
[CmdletBinding()]
Param(
    [string[]]$users,
    [string]$password
)
 
    write-host "Change AD passwords for system accounts"
 
    $users | % {
 
        $thisAccount = $_
 
        write-host "`tChange password for" $thisAccount
 
        $oUser = [adsi]"LDAP://$thisAccount" 
        $ouser.psbase.invoke("SetPassword",$password)
        $ouser.psbase.CommitChanges()
    }
 
    write-host "All done."
 
}
 
function ChangePasswordForManagedAccounts()
{
[CmdletBinding()]
param(
    [string] $newPassword,
    [string[]]$accounts,
    [bool] $UseExisting
)
 
    $newPw = ConvertTo-SecureString $newPassword -asPlainText -Force
 
    write-host "Change Managed account passwords"
 
    $accounts | % {
        $thisAccount = $_
 
        write-host "`tChange password for managed account" $thisAccount
 
        if($useExisting)
        {
            Set-SPManagedAccount    -identity $thisAccount `
                                    -ExistingPassword $newPw `
                                    -UseExistingPassword:$true `
                                    -Confirm:$false `
 
        }
        else
        {
            Set-SPManagedAccount    -identity $thisAccount `
                                    -Confirmpassword  $newPw `
                                    -Newpassword  $newPw `
                                    -Confirm:$false `
                                    -SetNewPassword:$true
        }
    }
 
    write-host "All done."
}
 
function DefaultContentAccessAccountPassword()
{
[CmdletBinding()]
param(
    [string] $searchAppName,
    [string] $account,
    [string] $password
)
    write-host "Change Default content access account password for" $account
 
    $searchapp = Get-SPEnterpriseSearchServiceApplication -Identity $searchAppName
    $c = New-Object Microsoft.Office.Server.Search.Administration.Content($searchapp)
 
    $c.SetDefaultGatheringAccount(
        $account,
        (ConvertTo-SecureString $password -AsPlainText -force))
}
 
#
# ### YOU NEED TO SET THESE
#
$systemAccounts = @(
                    "cn=sql-svc,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SpUps,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SPServices,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SPSearch,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SPObjCacheSuper,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SPObjCacheRead,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SPMySiteAppPool,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SPFarm,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SPContent,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
                    "cn=SPAppPool,ou=YOUR_OU,dc=YOUR_DOMAIN,dc=com",
)
 
$managedAccounts = @(
                    "YOUR_NETBIOS_DOMAIN\SPFarm",
                    "YOUR_NETBIOS_DOMAIN\SPServices",
                    "YOUR_NETBIOS_DOMAIN\SPAppPool",
                    "YOUR_NETBIOS_DOMAIN\SPMySiteAppPool",
                    "YOUR_NETBIOS_DOMAIN\SPSearch"
)
 
$searchAppName = "Search Service Application"
$farmAccount = "YOUR_NETBIOS_DOMAIN\SPFarm"
$defaultSearchContentAccount = "YOUR_NETBIOS_DOMAIN\SPContent"
 
$theNewPassword = "L3tM31n"   
 
#
# ### STOP SETTING NOW
#
 
clear-host
 
# Change system account passwords in AD
#
set-AdUserPwd -users $systemAccounts -password $theNewPassword
 
# Managed account passwords
#
ChangePasswordForManagedAccounts -newPassword $theNewPassword -accounts $managedAccounts -UseExisting $true
 
# Default content access account
#
DefaultContentAccessAccountPassword -SearchAppName $searchAppName -account $defaultSearchContentAccount -password $theNewPassword
 
# Farm account
#
#
write-host "Change farm account password" $farmAccount
 
stsadm -o updatefarmcredentials -userlogin $farmAccount -password $theNewPassword
 
# its all over now
#
write-host "Remember to edit SQL service startup account password in `"Services`""
write-host "Remember to Restart profile sync service on central admin in `"Services on a server`""
write-host "Check out if SharePoint tracing service is running as a system account in `"Services`" make it local system"
write-host "All done."