Recover Windows service account passwords

Ever encountered the situation where you don’t know the password of one or more services running on your Windows server? – Well, I have, lots of times. Lack of documentation, lost people, lost passwords, typos, you name it, I’ve seen it. By chance, I stumbled upon a few articles describing a seamless, easy way to retrieve all these passwords, and of course asked my good friend Mads Hjort Larsen to concoct a user-friendly version of this script, and so he did!

Now, while this is a nice way to pull out lost service account passwords, it will also serve as a grand reminder: DO NOT use Domain Administrator accounts as service accounts. DO NOT use personal accounts for services. The passwords are really THAT easy to retrieve.
Don’t trust me? – Try it for yourself, I dare you 🙂
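
To act on the reminder above, the following added example (not the script mentioned in the post, and not written by its author) lists every service on the local host that runs under a non-built-in account and flags Domain Admins members. It assumes the RSAT ActiveDirectory module may or may not be installed; without it the Domain Admins column reads "unknown".

```powershell
# Added example: audit which accounts Windows services run as on this host.
# Assumption: the ActiveDirectory (RSAT) module is optional; if it is missing,
# the Domain Admins check is skipped and reported as 'unknown'.

# Built-in identities that carry no stored service account password.
$builtIn = '^(LocalSystem|NT AUTHORITY\\.+|NT SERVICE\\.+)$'

# Resolve Domain Admins members (nested groups included) when possible.
$domainAdmins = $null
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $domainAdmins = @(Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Select-Object -ExpandProperty SamAccountName)
}

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -and $_.StartName -notmatch $builtIn } |
    ForEach-Object {
        # StartName is DOMAIN\user, .\user or user@domain; keep the bare name.
        $sam = ($_.StartName -split '\\')[-1] -replace '@.*$', ''

        $isDA = if ($null -ne $domainAdmins) {
            $domainAdmins -contains $sam
        } else {
            'unknown'
        }

        [pscustomobject]@{
            Service       = $_.Name
            Account       = $_.StartName
            # Names ending in '$' are typically (group) managed service
            # accounts, whose passwords are generated and rotated by AD.
            Managed       = $sam.EndsWith('$')
            IsDomainAdmin = $isDA
        }
    } |
    Sort-Object -Property Account |
    Format-Table -AutoSize
```

Any row with IsDomainAdmin set to True, or with a named person's account in the Account column, is a candidate for replacement with a dedicated low-privilege or managed service account.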

How to configure SharePoint trusted identity provider for UPN

#-- Add Certificates to SharePoint certificate store.
#-- Select Token signing Certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("D:\Certs\TokenSign\TokenSign.cer")

#-- Add Token signing Certificate to SharePoint trusted store
New-SPTrustedRootAuthority -Name "Token Sign ADFS 3.0" -Certificate $cert

#-- Creating claim mappings
#-- The -IncomingClaimType values are empty here; set each one to the claim type URI that ADFS issues for that claim
$emailClaimMap = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$upnClaimMap = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "UPN" -SameAsIncoming
$roleClaimMap = New-SPClaimTypeMapping -IncomingClaimType "" -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

#-- Creating Trusted Identity Provider for SharePoint
#-- Share IdP realm
$realm = "urn:sharepoint:extranet"

#-- URL for the IdP solution (empty here; set it to the sign-in URL of your ADFS farm)
$signInURL = ""

#-- Name of IdP 
$ProviderName = 'Extranet ADFS'

#-- IdP Token issuer for SharePoint
New-SPTrustedIdentityTokenIssuer -Name $ProviderName -Description 'Contoso Federated Authentication - External' -Realm $realm -ImportTrustCertificate $cert -ClaimsMappings $emailClaimMap, $upnClaimMap, $roleClaimMap -SignInUrl $signInURL -IdentifierClaim $upnClaimMap.InputClaimType