I’m adding to my previous post about delegation to provide more information about Service Principal Names. Recall that you can add SPNs using setspn with the –A switch. Once you’ve run the command to add the SPN you’ll want a way to verify that it took. Normally you can do this by calling setspn with the –L switch and a target computer which will list all the registered SPNs for that computer, but in my experience I have seen custom SPNs excluded from this list. Fortunately there’s a handy VBScript available on TechNet that will query Active Directory and does return a complete list (link below).
If you have verified that your SPN exists but are experiencing problems using it you can reset all SPNs for a computer using the –R switch. Finally, if you need to delete a SPN you can use the –D switch. Running setspn without any arguments will output a list of all the available switches and syntax for using them.
DOWNLOAD: SPN Query utility from TechNet
About Kendal
Kendal is a database strategist, community advocate, public speaker, and blogger. A practiced IT professional with over 15 years of SQL Server experience, Kendal excels at disaster recovery, high availability planning/implementation, & debugging/troubleshooting mission critical SQL Server environments. Kendal is a Senior Consultant on the Microsoft Premier Developer Support team and President of MagicPASS, the Orlando, FL based chapter of PASS. Before joining Microsoft, Kendal was a SQL Server/Data Platform MVP from 2011-2016.
No comments
Post a Comment