Service Principal Names (SPNs) can only be constructed by using the account base name as the Computer parameter. The directory service enforces this by generating a constraint violation error.
You may not have the rights to access or modify this property on some account objects. You can determine what your access rights are by viewing the security attributes of the account object using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. The permission can also be delegated by assigning the Validated write to service principal name permission to the desired user or group.
When reporting Setspn bugs or making requests (such as feature requests), please include the following information:
A detailed description of the problem or request.
The Setspn.exe version number.
The account name and current contents of the servicePrincipalName property.
The security descriptor of the servicePrincipalName property.
The built-in SPNs that are recognized for computer accounts are:
These SPNs are recognized for computer accounts if the computer has a host SPN. Unless they are explicitly placed on objects, a host SPN can substitute for any of the above SPNs.
SPN Case Sensitivity
Service Principal Names (SPNs) are not case sensitive when used by Microsoft Windows-based computers. However, an SPN can be used by any type of computer system. Many of these computer systems, especially UNIX-based systems, are case-sensitive and require the proper case to function properly. Care should be taken to use the proper case particularly when an SPN can be used by a non-Windows-based computer.
Alphabetical List of Tools
Sidwalker Security Administration Tools
Contribuições da comunidade