Creating Service Principal Names (SPNs)

Through the years I have had to create a Service Principal Names on servers in Active Directory for one reason or another. So far in the past, I have always used the SETSPN.EXE utility from the support tools that ships with Windows to create thos SPNs. SETSPN however was never that friendly of a tool to me.

Today, I discovered through a few locations on the net that you could also use ADSIEDIT.MSC (also ships in the support tools with Windows) to manage SPNs. Cool. Basically once you have installed the support tools you can run ADSIEDIT.MSC.

From within there, navigate through the tree to the computer or user account you are trying to edit SPNs for. Right click on the CN=… entry for the item and select “properites”. On the “Attribute Editor” tab double click on the “servicePrincipalName” attribute to manage the SPNs for that object. Pretty handy, and more intuitive than the SETSPN.EXE command line.

Leave a Reply