So I’m setting up our DR farm here and I had an epiphany while I was doing the configuration. I’d mimicked all of the settings of the production farm including using managed accounts… the same managed accounts. I was about halfway through when I realized that would probably be a bad idea. Since the two farms would want to change the passwords 1) at the same time (remember I said I was mimicking the settings) and 2) to different things.
So I backed out and got a different set of service accounts to use as managed accounts. In trying to remove the old service accounts from the managed accounts console, I kept running into errors. Turns out you have to disable the auto password changing first, then remove the account. Pretty obvious, actually, but thought I’d share. Point. Heh.
Edit: Â We actually ended up not using the password changing policies of the managed accounts. Â Preferring to instead keep the accounts all on the same password change schedule.