How to Change the Sync Service Account Password for Add2Exchange Enterprise/365

There are two configurations for Add2Exchange: one on the domain, logged in as a domain account, and one off the domain, with a local machine account starting the service and another account for accessing mail. Whether you are changing the password for the local account or for a domain account, the first step is to log in as the service account and stop the Add2Exchange Service.

If you are changing the password for the Exchange account but not the service, still stop the service. We suggest keeping both passwords the same for ease of configuration, so if you change one, change the other and make note of it.

You can tell if your machine is running a local account (off domain) by viewing the login properties of the Add2Exchange Service in the Services Applet. If the domain is specified, or the email address is there, it is the domain account. If the service is started with .\zadd2exchange, for example, it is a local account, and its password is DIFFERENT from the service account’s email password.

Depending on your installation and the automation you have set up, the password has to be changed in several places. The domain or local account password is used to start the Add2Exchange Service on the replication machine. The email account is used to access the Console, and as previously mentioned can be the same but does not have to be.

If you have set up automatic permissions and the one button update, the passwords are stored for use by the scheduled task for automatic timed permissions and by the Add2Exchange Service when you upgrade Add2Exchange through the one button upgrade. The upgrade is accessed from the DidItBetter Support Menu.ps1, located as a shortcut on the desktop. Right click it and Run as PowerShell.

At present, we have encrypted the password in two ways: a bitlocked and encrypted version, and a randomized string in the registry. Nowhere should the password be in plain text, except during support, in the Support.txt file shortcut on the desktop. This is only done temporarily, for convenience and security while our support team is working, and it should be removed after the service.

If you are changing the password for the Exchange or 365 account, AND the account running the service is the domain account, it will be the same account and the same password.

To Change the Password

Stop the Add2Exchange Service

You can change the password for the machine account easily by pressing or sending Ctrl+Alt+Del on that machine and selecting the option to change the password. This method works for both on-domain and off-domain accounts starting the Add2Exchange Service. If the account is on the domain, the change can also be made within Active Directory or Azure. If the replication machine is off the domain, this method only changes the local account running the A2E Service and does not change the service account’s email password. The email password must be changed in AD or Azure, depending on your environment.

Once you have reset one or both passwords, record the password(s) for automation and automatic use on the replication system from within the DidItBetter Support Menu.ps1.

There are two options needed to change the password, under Permissions:

Reset the Add2Exchange Password. This option simply blanks out the encrypted password in the registry and also in the Add2Exchange Service, and forces you to enter the new password(s) manually.

The second option is entitled Automate Permissions on a Schedule.  Even if you do not have the service account (or some other account) set up to automatically grant permission to new users you add to the sync process, this option should be run.  There is an option in this utility to bitlock and encrypt the password for the Add2Exchange Service so it is smoother when you do the one button upgrade of Add2Exchange. 

Once selected, it may ask you to update the EXO-V2 module. Please allow this. There are several options.

Please note the rather peculiar screen behavior

When you select the button to enter ANY and all passwords from this screen, the focus of the menu will shift and you will be prompted in the PowerShell window behind the menu. Once you have entered the password, press Enter, and you can switch back to the menu to enter more information. If the menu becomes unresponsive, it is because PowerShell in the background is waiting for you to put in the correct password. Whichever password you enter last for that prompt is the one that will be saved.

When done, select the button Update Credentials.

The options on the left are for the Email account. These may or may not be filled out, depending on whether you have set the automatic permissions scheduled task at the bottom of the menu. If not, the only options which should be filled out with the new password are the Local Account and Local Account password.

The option in the middle right is for the Local Account starting the A2E Service. Again, this can be the same account as the ones specified on the right, but does not have to be. In the picture below, the service is being run as a local administrative account and not the email account. Tip: for simplicity’s sake we usually make the account passwords the same even if the logins are different.

If you are doing on-prem permissions, and the service account is an Exchange Org Admin (on-prem) or Exchange Admin (365), then press the button on the right next to the name, switch to PowerShell and enter the password. Pasting it is possible with a right click.

Once done, there is no need to create the scheduled task if it exists already, as this process only changed the creds it already uses to give permissions. 

Be sure to select Update Credentials for it to save them.

 

Next, open Outlook. If it opens successfully, then you have done well so far. Open OWA and log in as the sync account. The hyperlink for this is in Outlook, under File, just under the Account Settings. When prompted, save the new creds and select to be prompted less and stay logged in. This updates the credential manager.

Once Outlook opens successfully, open the Add2Exchange Console and when prompted, paste the credentials in.

Finally, go to the Services Applet and edit the password for the Add2Exchange Service. 

Close the Add2Exchange Console and Start the service when prompted.

Next, review the Add2Exchange Logs in a few minutes to make sure all is syncing well, and there are no warnings, errors or failures in the event log.
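
The service-side part of this procedure as an added PowerShell example (not DidItBetter's own script): it reports whether the Add2Exchange Service logs on with a local or a domain account, sets the new logon password as a scripted form of editing it in the Services Applet, and defines a check for logon failures to run after the service has been started. The display-name filter and the helper name Get-A2EServiceLogonFailure are assumptions.

```powershell
# Added example, not DidItBetter code. Run in an elevated PowerShell window.
# Assumption: the service's display name contains "Add2Exchange".
$svc = @(Get-CimInstance Win32_Service -Filter "DisplayName LIKE '%Add2Exchange%'")
if ($svc.Count -ne 1) { throw "Expected one matching service, found $($svc.Count)." }
$svc = $svc[0]

# Classify the logon account from the name the Services Applet shows.
$local = "^(\.|$([regex]::Escape($env:COMPUTERNAME)))\\"
$kind = switch -Regex ($svc.StartName) {
    '^(LocalSystem$|NT (AUTHORITY|SERVICE)\\)' { 'built-in account'; break }
    $local  { 'local account (off domain)'; break }
    '[\\@]' { 'domain account'; break }
    default { 'unrecognized logon name' }
}
"{0} logs on as {1} ({2})" -f $svc.Name, $svc.StartName, $kind

# Built-in accounts have no password to set; the service must be stopped first.
if ($kind -eq 'built-in account') { throw 'Service uses a built-in account.' }
if ($svc.State -ne 'Stopped') { throw 'Stop the Add2Exchange Service first.' }

# Prompt for the new password so it is not typed into a script or command line,
# then store it as the service's logon password.
$cred = Get-Credential -UserName $svc.StartName -Message 'New service logon password'
$result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
    StartName     = $svc.StartName
    StartPassword = $cred.GetNetworkCredential().Password
}
if ($result.ReturnValue -ne 0) { throw "Change returned $($result.ReturnValue)." }

# The Service Control Manager tests the password only when the service starts.
# Call this hypothetical helper after the start to list logon failures
# (System log, events 7000 and 7038) from the last ten minutes.
function Get-A2EServiceLogonFailure {
    Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'
        Id = 7000, 7038; StartTime = (Get-Date).AddMinutes(-10)
    } -ErrorAction SilentlyContinue |
        Where-Object Message -like '*Add2Exchange*' |
        Select-Object TimeCreated, Id, Message
}
```

An empty result from Get-A2EServiceLogonFailure after the service has started means the Service Control Manager accepted the new password.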