Applies To:

GroupID 10

Business Case:

As a security measure, organizations are required to change the passwords of admin accounts. The service account used for an identity store in GroupID is no exception, and you may need to change its password.

Methodology:

After changing the service account password in Active Directory, you have to specify this new password in GroupID. For that, you must first run the GroupID Configuration Tool and then manually enter the new password in identity store settings, scheduled jobs, and wherever that account is used in GroupID. This article covers all the possible places where you need to change the password of the service account after running the Configuration Tool.

It is recommended to engage Imanami Support for this activity.

Steps:

Warning:

If you have applied any patches to the GroupID server, make sure you rename the following folders before running the Configuration Tool; otherwise, your patch files will be reverted and you will have to apply them again.

DataServiceZip
[GroupID installation drive]:\Program Files\Imanami\GroupID 10.0\GroupIDDataService\

SecurityServiceZip
[GroupID installation drive]:\Program Files\Imanami\GroupID 10.0\GroupIDSecurityService\

GroupIDServicesZip
[GroupID installation drive]:\Program Files\Imanami\GroupID 10.0\GroupIDServices\

SelfServiceZip
[GroupID installation drive]:\Program Files\Imanami\GroupID 10.0\SelfService\

PasswordCenterZip
[GroupID installation drive]:\Program Files\Imanami\GroupID 10.0\PasswordCenter\

GroupIDMobileServiceZip
[GroupID installation drive]:\Program Files\Imanami\GroupID 10.0\GroupIDMobileService\

Insights
[GroupID installation drive]:\Program Files\Imanami\GroupID 10.0\Insights\

 

To rename all the zip files, you can also use the following Windows PowerShell script:

# Adjust the drive letter if GroupID is not installed on C:.
$locations = @(
    "C:\Program Files\Imanami\GroupID 10.0\GroupIDDataService\DataServiceZip.zip",
    "C:\Program Files\Imanami\GroupID 10.0\GroupIDMobileService\GroupIDMobileServiceZip.zip",
    "C:\Program Files\Imanami\GroupID 10.0\GroupIDSecurityService\SecurityServiceZip.zip",
    "C:\Program Files\Imanami\GroupID 10.0\GroupIDServices\GroupIDServicesZip.zip",
    "C:\Program Files\Imanami\GroupID 10.0\Insights\Insights.zip",
    "C:\Program Files\Imanami\GroupID 10.0\PasswordCenter\PasswordCenterZip.zip",
    "C:\Program Files\Imanami\GroupID 10.0\SelfService\SelfServiceZip.zip"
)

foreach ($location in $locations) {
    if (Test-Path $location) {
        # Rename-Item expects a file name, not a full path, for -NewName.
        # The dot is escaped so the pattern matches only a literal ".zip" extension.
        $newName = (Split-Path -Path $location -Leaf) -replace '\.zip$', 'old.zip'
        Rename-Item -Path $location -NewName $newName -Force
    } else {
        Write-Host "File not found: $location"
    }
}

To undo this and rename the zip files back to their original names:

# Adjust the drive letter if GroupID is not installed on C:.
$locations = @(
    "C:\Program Files\Imanami\GroupID 10.0\GroupIDDataService\DataServiceZipold.zip",
    "C:\Program Files\Imanami\GroupID 10.0\GroupIDMobileService\GroupIDMobileServiceZipold.zip",
    "C:\Program Files\Imanami\GroupID 10.0\GroupIDSecurityService\SecurityServiceZipold.zip",
    "C:\Program Files\Imanami\GroupID 10.0\GroupIDServices\GroupIDServicesZipold.zip",
    "C:\Program Files\Imanami\GroupID 10.0\Insights\Insightsold.zip",
    "C:\Program Files\Imanami\GroupID 10.0\PasswordCenter\PasswordCenterZipold.zip",
    "C:\Program Files\Imanami\GroupID 10.0\SelfService\SelfServiceZipold.zip"
)

foreach ($location in $locations) {
    if (Test-Path $location) {
        # Strip the "old" suffix added by the rename script to restore the original file name.
        $originalName = (Split-Path -Path $location -Leaf) -replace 'old\.zip$', '.zip'
        Rename-Item -Path $location -NewName $originalName -Force
    } else {
        Write-Host "File not found: $location"
    }
}

 

  1. Change the service account password in Active Directory and run the replication from GroupID Management Console. Before moving to the next step, make sure the service account is not locked out.

  2. Launch the GroupID Configuration Tool. On the Introduction page, click Next.

  3. The Modify current GroupID 10 server configurations option is selected by default. Click Next until you reach the Service Account Settings page.

  4. Enter the new service account password for the GroupID app pool, scheduled jobs, or Windows services (as needed). Alternatively, you can simply provide the new password in the app pool setting and select the Configure same account for all option.

  5. Go through the remaining pages of the tool to complete the process.

    Note: In case of multiple GroupID servers in a master-slave configuration, follow the above steps on the master server. For the slave servers, run the Configuration Tool with the Modify current GroupID 10 server with existing database configurations option.

  6. Once the Configuration Tool completes successfully, launch GroupID Management Console and navigate to identity store properties. Provide the new password in identity store settings.

    This step is mandatory because the Configuration Tool does not change the password in identity store settings. You have to do it manually; otherwise, replication will not run.

  7. After connecting the identity store to the directory using the new password, run the replication and make sure it is successful. In case it isn't, please engage Imanami Support.

  8. Once done, change the password of the service account in the messaging system settings as well, if you are using the same service account for connectivity with the messaging system.

Module-wise Configurations:

  • Synchronize:
    If you are using the same service account to connect with your AD in Synchronize jobs, you need to manually change the password in all those jobs.
     
  • Automate:
    If you are using the same service account in GroupID scheduled jobs, then change the password of the service account manually in all the schedules. Schedules are tied to the machine, and the Configuration Tool doesn't make this change automatically. Also, if you have database groups (groups that pick their membership from a database, e.g. SQL) and those groups use the same service account for connecting with the database, then you have to manually update the password in all such groups where the GroupID service account is used to connect with the database.
     
  • Self-Service and Password Center portals:
    No change is needed.
     
  • Reports:
    If you have connected the GroupID Reports module to a domain for which an identity store is not available in GroupID Management Console, and you change the password of the service account specified for connectivity, then you must provide the new password to reconnect.
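
Added example (not part of the original article and not Imanami code): a read-only PowerShell inventory to run on the GroupID server. It checks the lockout state from step 1 and lists the Windows services, scheduled tasks, and IIS app pools that run as the service account, so nothing is left on the old password. The account name CONTOSO\svc-groupid is a placeholder, and it is an assumption that GroupID scheduled jobs appear as Windows scheduled tasks on the server.

```powershell
# Added example, not Imanami code. Run in an elevated PowerShell session on the GroupID server.
# ASSUMPTION: 'CONTOSO\svc-groupid' is a placeholder; substitute your own service account.
$account = 'CONTOSO\svc-groupid'
$sam     = $account.Split('\')[-1]

# Step 1 check: confirm the account is not locked out and see when the password was last set.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory
Get-ADUser -Identity $sam -Properties LockedOut, PasswordLastSet, BadLogonCount |
    Select-Object SamAccountName, LockedOut, PasswordLastSet, BadLogonCount

# Match the DOMAIN\user, user@domain and bare user forms of the same account.
$pattern = '(^|\\)' + [regex]::Escape($sam) + '(@|$)'

# Windows services that log on as the account.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -match $pattern } |
    Select-Object @{n='Type';e={'Service'}},
                  @{n='Name';e={$_.Name}},
                  @{n='RunsAs';e={$_.StartName}}

# Scheduled tasks whose principal is the account
# (assumption: GroupID scheduled jobs are visible as Windows scheduled tasks).
$tasks = Get-ScheduledTask |
    Where-Object { $_.Principal.UserId -match $pattern } |
    Select-Object @{n='Type';e={'ScheduledTask'}},
                  @{n='Name';e={$_.TaskPath + $_.TaskName}},
                  @{n='RunsAs';e={$_.Principal.UserId}}

# IIS application pools that use the account as a custom identity.
Import-Module WebAdministration
$pools = Get-ChildItem IIS:\AppPools |
    Where-Object { $_.processModel.userName -match $pattern } |
    Select-Object @{n='Type';e={'AppPool'}},
                  @{n='Name';e={$_.Name}},
                  @{n='RunsAs';e={$_.processModel.userName}}

# @() keeps the concatenation valid when a category returns zero or one item.
@($services) + @($tasks) + @($pools) | Format-Table -AutoSize
```

The script only reads configuration; the identity store, Synchronize jobs, database groups, and messaging system settings described above are stored inside GroupID and still have to be updated by hand.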

Reference:

GroupID Installation and Configuration Guide

 
