Setspn Overview: Active Directory

Switch View :

Setspn Overview

Updated: April 23, 2013

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008

This content has been moved to Setspn. Be sure to use a version of Setspn.exe that is included with Windows Server 2008 or later because it includes the –S parameter for adding an SPN. Although you can use Setspn –A to add an SPN, you should use Setspn -S instead because -S will verify that there are no duplicate SPNs.

If you are using Windows Server 2003 or earlier, you will not be able to use the -S switch because it is not available for that platform. In the case where you cannot use -S, you should manually verify that there are no duplicate SPNs by first running Setspn -L.

For more information about service principal names (SPNs) and using Setspn.exe to troubleshoot problems with SPNs, see Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe).

Alphabetical List of Tools
Search Overview
Replmon Overview
Repadmin Overview
Movetree.exe
Ldp Overview
Dsastat Overview
Clonepr Overview
ADSI Edit (adsiedit.msc)
Acldiag Overview
Xcacls Overview
Sidwkr.dll
Sidwalker Security Administration Tools
Sidwalk Overview
Showaccs Overview
Sdcheck Overview
Ktpass Overview
Ksetup Overview
Getsid Overview
Addiag.exe

Other Resources

Service Principal Names (SPNs) on the TechNet Wiki
Service Principal Names on MSDN

Tags :

Community Content

Kurt L Hudson

Check out SPN on the TechNet Wiki

Here is a link to an article about SPNs that I have posted to the TechNet Wiki to hopefully help provide additional information and encourage community collaboration. Please, check it out and make revisions, if you see that some are needed. If you have questions, just put them in there as comments. <mtps:InstrumentedLink NavigateUrl="http://social.technet.microsoft.com/wiki/contents/articles/service-principal-names-spns.aspx" runat="server" xmlns:mtps="http://msdn2.microsoft.com/mtps">http://social.technet.microsoft.com/wiki/contents/articles/service-principal-names-spns.aspx</mtps:InstrumentedLink>

Tags : troubleshooting spn overview; setspn;

Kurt L Hudson

Deleting an SPN

If SPNs must be unique in AD, why do we have to specify a hostname when removing an existing SPN. -------- Reply from Kurt Hudson: This is part of the typical Kerberos specification. You are identifying the machine/computer/host name and the service that is running on it. This is what the Kerberos client will use when requesting a service. So, when you remove an SPN, you are confirming that you want to remove that service/host combination.

Tags :

See Also

Concepts

Other Resources