• EN
Solved

domain administrator credentials used in veeam

J
Userlevel 4

Hi team:

I have a question regarding the title above. It turns out that for many things in Veeam (access to hosts, jobs, console, etc.) I use the domain administrator's credentials. If I have to change said password, should I make adjustments to all the accesses described above?

 

Regards,

icon

Best answer by coolsport00 8 February 2024, 16:01

View original

13 comments

coolsport00
Userlevel 7
Badge +17

You may need to perform rescan of infrastructure objects added to Veeam within the Console under Managed Servers; or, go into the Properties of the objects and go through the wizard again. You will for sure need to update the Credential item in your Console Credentials section, as well.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Moustafa_Hindawi
Userlevel 7
Badge +6

Hello @jmaticurena 

you need to update it from Credentials Manager as below

https://helpcenter.veeam.com/docs/backup/vsphere/credentials_manager_windows.html?ver=120

Moustafa Hindawi | Blogger | Nutanix Technology Champion | NCSE | NCM-MCI | VMCE | 2xVCAP-DTM & DCV | 2xVCP-NV & CMA | LinkedIn: https://www.linkedin.com/in/moustafaadelmoustafa/ | My Blog: https://cloudwhales.co.uk/author/mhindawi/
J
Userlevel 4

And in the case of the veeam console? If I changed the domain administrator password, it wouldn't let me in or would it?

Chris.Childerhose
Userlevel 7
Badge +20

You could also look in to use a gMSA account (Group Managed Service Account) as well to make password changes easier - Using Group Managed Service Accounts - User Guide for VMware vSphere (veeam.com)

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
Userlevel 7
Badge +17

Assuming you log into the Windows system with the same domain admin creds, yes.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Chris.Childerhose
Userlevel 7
Badge +20

And in the case of the veeam console? If I changed the domain administrator password, it wouldn't let me in or would it?

It would let you in if that domain admin had permissions in the console.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
Userlevel 7
Badge +17

“It would let you in if that domain admin had permissions in the console” ← this, because if you have MFA set, you need to remove any groups, which by default Administrators group is added in the Console. If you do not have this group, as Chris shared, you need to have the same domain admin account as a user with Console permissions.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
coolsport00
Userlevel 7
Badge +17

UPDATE: I modified this post as I believe it was inaccurate.

@jmaticurena - whether you have the DA acct in Users & Roles explicitly or via local Admin group, yes, after a domain acct pwd change, you should be able to log into the Console.

If you have the same domain admin account as saved Credentials for such things as adding Managed Servers and/or Guest Processing, you need to go into Credentials & Passwords and change the password of the domain acct there.

Then, you should do a rescan operation, or go into the Properties, of your VBR objects (Proxies, Repos, other servers, etc).

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
J
Userlevel 4

I rephrase the question: I have my Veeam scheme working (I create jobs, I have access to the hypervisor, etc.), using the domain administrator credentials as credentials, since everything is under an AD. The question is what happens if, for maintenance reasons or company policy, I change said password every 6 months, for example. Would access, starting with the veeam console, be affected? I should do a rescan and adjust the keys for the rest of the components, I am clear, but it is the console that is the beginning where there would be the inconvenience.

coolsport00
Userlevel 7
Badge +17

@jmaticurena - see my modified response above. All you need to do to be able to continue to log in is to make sure the domain acct has access either explicitly or via local Admin group added in Users & Roles. If either is the case, then yes, you’ll be able to login.

You then need to modify the DA credential password if you used it for VBR objects.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
coolsport00
Userlevel 7
Badge +17

If you’re unsure or uncomfortable in making this change, I recommend getting ahold of Veeam Support to confirm access.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
CarySun
Userlevel 7
Badge +7

I rephrase the question: I have my Veeam scheme working (I create jobs, I have access to the hypervisor, etc.), using the domain administrator credentials as credentials, since everything is under an AD. The question is what happens if, for maintenance reasons or company policy, I change said password every 6 months, for example. Would access, starting with the veeam console, be affected? I should do a rescan and adjust the keys for the rest of the components, I am clear, but it is the console that is the beginning where there would be the inconvenience.

You need to go to Credentials & Password to update the account password. After you edit the password, you do not need to perform any other actions. Veeam Backup & Replication will start using the changed password after a job runs for the next time.

https://helpcenter.veeam.com/docs/backup/vsphere/password_manager_edit.html?ver=120

 

Veeam Vanguard | Veeam Legend | VMCE 2024 | Microsoft MVP | Cisco Insider Champion | CISCO CCIE #4531 | Web Site - carysun.com | Blog Site - gooddealmart.com | Blog Site - checkyourlogs.net | X: @SifuSun | LinkedIn: https://www.linkedin.com/in/sifusun/ | Amazon Author: https://Amazon.com/author/carysun
coolsport00
Userlevel 7
Badge +17

Hi @jmaticurena -

I just wanted to follow up to make sure one of the comments/suggestions above answered your credentials question? To recap what was shared:

  • If you change your password for your domain admin account in AD, yes..you’ll be able to log into your Veeam server with the new password; you’ll also be able to log into the Veeam Console if you still have the Local Administators in Users & Roles in the Console, or you’ve added the domain admin account explicitly as a user/role in Users & Roles
  • If you use your domain admin account for some credential in your backup enviornment (i.e. Guest Indexing or some other process), you probably have this listed as a Credentials option in your Console. For this, you would need to change the password listed in Credentials & Passwords location manually to prevent jobs from failing and/or components from disconnecting or becoming unavailable. Changing the password in AD doesn’t affect this location

If any of the comments helped resolve your question, we ask you please mark one as ‘Best Answer’ so others who may come across your post with the same question may see what answers their query.

Let us know if you have further questions.

Thank you.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00

Comment


Terms & Conditions