Active directory authentication - fixing incorrect service account credentials
Published 14 February 2023
If SQL Monitor is configured to authenticate users with Active Directory, and you're locked out of your Active Directory service account, you may be able to Edit the entry in the Windows Credential Manager associated with it, which will be in the form SQL_Monitor_AD_ServiceAccount_<Domain>. If that doesn't exist for some reason or does not work, you will need to switch the authentication mode back to the default, remove the entries for the domains that have been added, restart the Web Service (or website, if you're using IIS), and then switch back to Active Directory authentication.
For editing the entry in Windows Credential Manager do this:
- Open Control Panel to show All Control Panel Items, and then open Credential Manager: note that you will need to run this as the user SQL Monitor runs as.
- Click on Windows Credentials.
- Find the entry for your service account under the Generic Credentials section.
It will be in the form SQL_Monitor_AD_ServiceAccount_<Domain> like this:
(Note: there may be a legacy entry, SQL_Monitor_AD_ServiceAccount, from versions before multiple AD domains were added that will be fallen back to for the first domain) - Expand the entry and click Edit to update the password.
If this fails, you can switch back to SQL Monitor basic authentication and then reconfigure Active Directory authentication.