SPN

The SPN option searches for Service Principal Names in AD. The search string entered in the SPN field takes the form service/host name, e.g. cifs/dc01. Wildcards can be used, e.g. mssqlsvc/* returns all the SQL SPNs in the domain. Avoid using a wildcard for the host name with service names that are included in the sPNMappings attribute, as this will cause the details of all the computer objects to be returned.

The option uses the sPNMappings settings to search for alternative service names against the host name. These are the service names that are mapped to the host service name in the sPNMappings attribute: alerter, appmgmt, cisvc, clipsrv, browser, dhcp, dnscache, replicator, eventlog, eventsystem, policyagent, oakley, dmserver, dns, mcsvc, fax, msiserver, ias, messenger, netlogon, netman, netdde, netddedsm, nmagent, plugplay, protectedstorage, rasman, rpclocator, rpc, rpcss, remoteaccess, rsvp, samss, scardsvr, scesrv, seclogon, scm, dcom, cifs, spooler, snmp, schedule, tapisrv, trksvr, trkwks, ups, time, wins, www, http, w3svc, iisadmin, msdtc.

The Requested SPN Only option limits the items displayed from the found SPNs to those with the same service name as the one requested. If this option is deselected, all the SPN entries assigned to the account are displayed.
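
The search behaviour described above, sketched in Python as an added example; it is not the tool's own code. The function names are hypothetical, the alias list is the one given on this page, and keeping host entries for an aliased service under Requested SPN Only is an assumption.

```python
# Service names this page lists as mapped to "host" in sPNMappings.
HOST_ALIASES = set("""
alerter appmgmt cisvc clipsrv browser dhcp dnscache replicator eventlog
eventsystem policyagent oakley dmserver dns mcsvc fax msiserver ias messenger
netlogon netman netdde netddedsm nmagent plugplay protectedstorage rasman
rpclocator rpc rpcss remoteaccess rsvp samss scardsvr scesrv seclogon scm dcom
cifs spooler snmp schedule tapisrv trksvr trkwks ups time wins www http w3svc
iisadmin msdtc""".split())

def ldap_escape(value):
    """Escape RFC 4515 filter characters, leaving '*' as a wildcard."""
    return "".join("\\%02x" % ord(c) if c in "\\()\0" else c for c in value)

def split_spn(spn):
    service, _, host = spn.partition("/")
    if not service or not host:
        raise ValueError("expected service/host, got %r" % spn)
    return service.lower(), host

def build_filter(requested):
    """LDAP filter for the requested SPN plus its host/ alternative, if any."""
    service, host = split_spn(requested)
    terms = [requested]
    if service in HOST_ALIASES:
        terms.append("host/" + host)  # alias services are registered as host/
    clauses = "".join("(servicePrincipalName=%s)" % ldap_escape(t) for t in terms)
    return clauses if len(terms) == 1 else "(|%s)" % clauses

def is_broad(requested):
    """True when the search expands to host/<wildcard>, i.e. every computer."""
    service, host = split_spn(requested)
    return service in HOST_ALIASES and "*" in host

def displayed(requested, account_spns, requested_only=True):
    """Apply the Requested SPN Only option to one account's SPN list."""
    if not requested_only:
        return list(account_spns)
    service, _ = split_spn(requested)
    # Assumption: for an aliased service, host/ entries count as a match.
    wanted = {service, "host"} if service in HOST_ALIASES else {service}
    return [s for s in account_spns if s.partition("/")[0].lower() in wanted]

if __name__ == "__main__":
    spns = ["MSSQLSvc/sql01:1433", "host/sql01", "WSMAN/sql01"]  # constructed sample
    for query in ("cifs/dc01", "mssqlsvc/*", "cifs/*"):
        print(query, build_filter(query), "broad" if is_broad(query) else "ok")
    print(displayed("mssqlsvc/*", spns))
```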
