Tuesday, May 5, 2015

Retrieve Secure Store Service credentials in SharePoint 2010/13


There are some actions to be taken care manually in SharePoint 2010/13. If any service account password is updated then the same password can be updated using managed accounts which get updated in all the places in same SharePoint Farm. But if SharePoint using any services from other farm then the password will not be updated and create new issue while access the service from other farms.

The account details will be stored in secure store services. To update the new password, SharePoint Administrator should aware or refer any document to find services and currently using credentials. SharePoint 2010 service application does not have any user interface to identify those details quickly. In such case below PowerShell script can be used.

$serviceCntx = Get-SPServiceContext -Site http://kmsnet:12345/
$sssProvider = New-Object Microsoft.Office.SecureStoreService.Server.SecureStoreProvider
$sssProvider.Context = $serviceCntx
$marshal = [System.Runtime.InteropServices.Marshal]

try
{
$applicationlications = $sssProvider.GetTargetApplications()
foreach ($application in $applicationlications)
{
Write-Output "`n$($application.Name)"
Write-Output "$('-'*50)"
try
{
$sssCreds = $sssProvider.GetCredentials($application.Name)
foreach ($sssCred in $sssCreds)
{
$ptr = $marshal::SecureStringToBSTR($sssCred.Credential)
$str = $marshal::PtrToStringBSTR($ptr)
Write-Output "$($sssCred.CredentialType): $($str)"
}
}
catch
{
Write-Output "(Something went wrong) - Error getting credentials!"
}
Write-Output "$('-'*50)"
}
}

catch
{
Write-Output "(Something went wrong) - Error getting Target Applications."
}

$marshal::ZeroFreeBSTR($ptr)

1 comment:

  1. Hi thanks for sharing this article, I have worked upon search this for a little time, and I really know it is really very tricky to work upon it. But carry on.

    ReplyDelete