ADServicePrincipalName - dsccommunity/ActiveDirectoryDsc GitHub Wiki
Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| ServicePrincipalName | Key | String | The full SPN to add or remove, e.g. HOST/LON-DC1. | |
| Account | Write | String | The user or computer account to add or remove the SPN to, e.g. User1 or LON-DC1$. Default value is ''. If Ensure is set to Present, a value must be specified. | |
| Ensure | Write | String | Specifies if the service principal name should be added or removed. Default value is 'Present'. | Present, Absent |
Description
The ADServicePrincipalName DSC resource will manage service principal names. A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. This allows a client application to request that the service authenticate an account even if the client does not have the account name.
Requirements
- Target machine must be running Windows Server 2008 R2 or later.
Examples
Example 1
This configuration will add a Service Principal Name to a user account.
Configuration ADServicePrincipalName_AddUserServicePrincipalName_Config
{
Import-DscResource -Module ActiveDirectoryDsc
Node localhost
{
ADServicePrincipalName 'SQL01Svc'
{
ServicePrincipalName = 'MSSQLSvc/sql01.contoso.com:1433'
Account = 'SQL01Svc'
}
}
}
Example 2
This configuration will add a Service Principal Name to a computer account.
Configuration ADServicePrincipalName_AddComputerServicePrincipalName_Config
{
Import-DscResource -Module ActiveDirectoryDsc
Node localhost
{
ADServicePrincipalName 'web.contoso.com'
{
ServicePrincipalName = 'HTTP/web.contoso.com'
Account = 'IIS01$'
}
}
}