Exportar (0) Imprimir
Expandir Tudo

Delegating Authority to Modify SPNs

If you need to allow delegated administrators to configure service principal names (SPNs), you must ensure that their user accounts have the Validated write to service principle name permission.

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Revise os detalhes sobre o uso de contas e associações a grupos apropriadas em http://go.microsoft.com/fwlink/?LinkId=83477 (a página pode estar em inglês).

To grant permission to modify SPNs
  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start, click Run, type dsa.msc, and then press ENTER.

  2. Click View, and ensure that the Advanced Features check box is selected. If it is not selected, click Advanced Features. If the domain to which you want to allow a disjoint namespace does not appear in the console, do the following:

    1. In the console tree, right-click Active Directory Users and Computers, and then click Connect to Domain.
    2. In the Domain box, type the name of the Active Directory domain to which you want to allow the disjoint namespace (or use the Browse button to locate it), and then click OK.
  3. In the console tree, right-click the node that represents the domain to which you want to allow a disjoint namespace, and then click Properties.

  4. On Security tab, click Advanced.

  5. On the Permissions tab, click Add.

  6. In Enter the object name to select, type the group or user account name to which you want to delegate permission, and then click OK.

  7. Configure the Apply onto box for Computer objects.

  8. At the bottom of the Permissions box, select the Allow check box that corresponds to the Validated write to service principal name permissions, and then click OK on the three open dialog boxes to confirm your changes.

  9. Close Active Directory Users and Computers.

Isso foi útil para você?
(1500 caracteres restantes)
Agradecemos os seus comentários

Contribuições da comunidade

Mostrar:
© 2014 Microsoft