When you add a Hyper-V hosts to VMM, you must specify either a Run As Account (stored credentials in VMM) or manually enter the credentials. The Run As Account or the user you specify should be a local administrator on the host. If a Run As Account is provided, then it will be used while adding the host as well as for providing future access to the host during its lifetime. If credentials are entered manually, then they will only be used while adding the host. Once the host has been successfully added, the VMM service account will be added as local administrator on the host and used to provide any future access to it.
In other words, the VMM service account will end up in the group for local administrator on each host.
However, I often see customers who have deployed their own VMM server and added hosts manually with their own Domain Admin credentials. This is just fine for a demo or a lab, but should not be done in any production environment.
If this user is disabled, changes password or anything else, this will indeed break the communication between VMM and the (previously) managed hosts.
You may have noticed that once you have added your hosts – and also created a cluster, the Run As Account located on “Host Access” tab of the host properties are greyed out. This can’t be changed in the GUI and some people are doing drastically things like removing the cluster – and adding it back to VMM again with the correct Run As Account. However, if you are creating logical switches on the hosts in the right way, through VMM, you must re-deploy the switch configuration again afterwards. No good.
Lucky for us all, the solution is located in the API, using Powershell.
Here are some simple lines for you to change a Run As Account for a managed Hyper-V cluster in VMM (if the hosts are not clustered, you are able to change the Run As Account through the GUI)