[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

Locates each Web server in a site that has been assigned a Kerberos account and then updates the IIS configuration settings on each of those servers.

Syntax

Set-CsKerberosAccountPassword -UserAccount <String> [-Confirm [<SwitchParameter>]] [-Force <SwitchParameter>] [-Report <String>] [-WhatIf [<SwitchParameter>]]
Set-CsKerberosAccountPassword -FromComputer <Fqdn> -ToComputer <Fqdn> [-Confirm [<SwitchParameter>]] [-Force <SwitchParameter>] [-Report <String>] [-WhatIf [<SwitchParameter>]]

Parameters

Parameter Required Type Description

UserAccount

Optional

String

User principal name of the account where the password is being set. For example: -UserAccount "kerberostest@litwareinc.com".

ToSite

Optional

String

Name of the site where the Kerberos account password will be copied. This parameter cannot be used if you use the –UserAccount parameter.

ToComputer

Optional

String

Fully qualified domain name of the computer where the Kerberos account password will be copied. This parameter cannot be used if you use the –UserAccount parameter.

FromComputer

Optional

String

Fully qualified domain name of the computer containing the Kerberos account whose password will be copied to another computer or to a site. This parameter cannot be used if you use the –UserAccount parameter.

Report

Optional

String

Enables you to specify a file path for the log file created when the cmdlet runs. For example: -Report "C:\Logs\SetKerberosPassword.htm".

Force

Optional

Switch Parameter

When present, suppresses all error messages except for fatal errors.

WhatIf

Optional

Switch Parameter

Describes what would happen if you executed the command without actually executing the command.

Confirm

Optional

Switch Parameter

Prompts you for confirmation before executing the command.

Detailed Description

In Office Communications Server 2007 and Office Communications Server 2007 R2, Internet Information Service ran under a standard user account. This has the potential to cause problems: if that password expired (which it would, depending on your enterprise password policies) you might lose your Communications Server Web services, and would definitely have to diagnose the problem and then change the password. To help avoid the problem of expiring passwords, Microsoft Communications Server 2010 enables you to create a computer account (for a computer that doesn’t actually exist) that can serve as the authentication principal for all the computers in a site that are running IIS.

To run your Web servers under this single authentication principal you must first create a computer account (which, again, is not tied to an actual computer) using the New-CsKerberosAccount cmdlet; this account is then assigned to one or more sites. After the assignment has been made, the association is enabled by running the Enable-CsTopology cmdlet; among other things, this creates the required Service Principal Name (SPN) in Active Directory. SPNs provide a way for client applications to locate a particular service. Because these accounts use the Kerberos authentication protocol, the accounts are often referred to as Kerberos accounts and the new authentication process is known as Kerberos Web authentication.

After a new association has been made, the Set-CsKerberosAccountPassword cmdlet provides a way to modify the password assigned to the account and, equally important, update the password (and any associated IIS configuration settings) on every computer in the site running Communications Server Web services.  In addition, the cmdlet can also use the –ToComputer and -FromComputer parameters to copy this configuration information from one computer to another.

Return Types

Set-CsKerberosAccountPassword does not return any objects or values. Instead, the cmdlet modifies existing instances of the Microsoft.Rtc.Management.WriteableConfig.Settings.KerberosAccount.KerberosAccount object.

Examples

-------------------------- Example 1 ------------------------

Copy Code
Set-CsKerberosAccountPassword -UserAccount "kerberostest@litwareinc.com"

The command shown in Example 1 sets the password for the user account kerberostest@litwareinc.com.