Joining servers to farm withoug specifying service passwords?

Jul 18, 2012 at 9:52 AM


I'm planning our roll-out with AutoSPInstaller, and would like to know if I need to specify service passwords if I just want to add the server to a farm where the service accounts are already managed by SharePoint.

Actually, for adding a server later, I might not even know the password because it's managed by SharePoint.


Jul 20, 2012 at 11:40 AM

Good question - I've not encountered this scenario although it's certainly feasible. Perhaps the quickest option (without modifying the script) would be to simply retrieve all your current managed account passwords and include them in the XML input file for the server you're adding. Scripts like can help with this.

Actually it shouldn't matter what passwords you specify in the XML for the managed accounts, since the script would only attempt to add them if they didn't already exist (and it would detect this based on the username alone).


Jul 20, 2012 at 12:47 PM

Hello Brian,

thanks for the answer. The scenario here is to keep a script ready for future additions to the farm without having to worry about passwords (except farm password). I'll try and figure out what my best options are.


Jul 30, 2012 at 7:39 PM

I'm attempting to use Active Directory "Managed Service Accounts" (MSA) with my SharePoint implementation, which seems related to this thread.  With a MSA, no password is needed.  I've created the MSA's and associated them to my SharePoint server.  With no password to plug into the script, the install fails because it has no password to pass, I'm guessing.  As is the intent of the original poster, I want to create a script that doesn't need to store passwords and I can use pre-created MSAs.  Any ideas on how to do this?


Here's the log on what's encountered when I try to use a MSA.


 - Adding Managed Accounts
 - Script aborted!

Exception             : System.Management.Automation.ParameterBindingValidation
                        Exception: Cannot bind argument to parameter 'String' b
                        ecause it is an empty string.
                           at System.Management.Automation.ParameterBinderBase.
                        ValidateNullOrEmptyArgument(CommandParameterInternal pa
                        rameter, CompiledCommandParameter parameterMetadata, Ty
                        pe argumentType, Object parameterValue, Boolean recurse
                           at System.Management.Automation.ParameterBinderBase.
                        BindParameter(CommandParameterInternal parameter, Compi
                        ledCommandParameter parameterMetadata, ParameterBinding
                        Flags flags)
                           at System.Management.Automation.CmdletParameterBinde
                        rController.BindParameter(CommandParameterInternal argu
                        ment, MergedCompiledCommandParameter parameter, Paramet
                        erBindingFlags flags)
                           at System.Management.Automation.CmdletParameterBinde
                        rController.BindParameter(UInt32 parameterSets, Command
                        ParameterInternal argument, MergedCompiledCommandParame
                        ter parameter, ParameterBindingFlags flags)
                           at System.Management.Automation.ParameterBinderContr
                        oller.BindPositionalParametersInSet(UInt32 validParamet
                        erSets, Dictionary`2 nextPositionalParameters, CommandP
                        arameterInternal argument, ParameterBindingFlags flags,
                         ParameterBindingException& bindingException)
                           at System.Management.Automation.ParameterBinderContr
                        oller.BindPositionalParameters(Collection`1 unboundArgu
                        ments, UInt32 validParameterSets, UInt32 defaultParamet
                        erSet, Boolean ignoreArgumentsThatLookLikeParameters, P
                        arameterBindingException& outgoingBindingException)
                           at System.Management.Automation.CmdletParameterBinde
                        ction`1 arguments)
                           at System.Management.Automation.CmdletParameterBinde
                        rController.BindCommandLineParameters(Collection`1 argu
                           at System.Management.Automation.CommandProcessor.Bin
                        dCommandLineParameters(CommandParameterInternal[] param
                           at System.Management.Automation.CommandProcessor.Pre
                        pare(CommandParameterInternal[] parameters)
                           at System.Management.Automation.CommandProcessorBase
                        .DoPrepare(CommandParameterInternal[] parameters)
                           at System.Management.Automation.Internal.PipelinePro
                        cessor.Start(Boolean incomingStream)
                           at System.Management.Automation.Internal.PipelinePro
                        cessor.SynchronousExecuteEnumerate(Object input, Hashta
                        ble errorResults, Boolean enumerate)
TargetObject          :
CategoryInfo          : InvalidData: (:) [ConvertTo-SecureString], ParameterBin
FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,M
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
PipelineIterationInfo : {}
PSMessageDetails      :

Aug 2, 2012 at 3:08 AM

I'm not even sure if MSA's are supported with SharePoint at all (regardless of AutoSPInstaller) - have you found anything that says they're supported?


Aug 2, 2012 at 1:09 PM

So far, I haven't found anything that says they're not supported.  If I can use a MSA, I would like to.  It seems the SharePoint services are perfectly suited to what MSAs were created for.  I posted the question of the use of MSAs with SharePoint to the SharePoint Yahoo group as well and, so far, only received one reply where the individual suggested "Setup the farm first then turn this on for the app pool accounts only."  I haven't tried this yet.  If this is the only way to get a MSA to work with SharePoint, I supposed that's fine.  An automated implementation would be better, but I'll use what works.