Recently we needed to add a new alias to a share for it to be accessible from
- Add a DNS A record for that name (e.g. fileshare -> 192.168.0.33)
Run the commands below on a domain controller:
- run setspn -S host/fileshare existingfileshareserver (e.g. setspn -S host/filenew file01)
- run setspn -S host/fileshare.domain.local existingfileshareserver (e.g. setspn -S host/filenew.domain.local file01)
If an item already exists, you will need to clear it:
- setspn -D host/filenew file01
- setspn -D HOST/filenew.domain.com file01
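
The steps above combined into one PowerShell script, added here as an example and not part of the original post. The parameter defaults reuse the post's sample names, `domain.local` is assumed to be the DNS zone, and the script assumes the DnsServer module is available where it runs. It checks for an existing registration before each `setspn -S`, so an SPN held by another account is reported rather than duplicated.

```powershell
# Added example. Defaults reuse the post's sample names; adjust for your domain.
param(
    [string]$Alias   = 'filenew',       # new alias for the share
    [string]$Server  = 'file01',        # existing file server (computer account)
    [string]$DnsZone = 'domain.local',  # assumed AD-integrated DNS zone
    [string]$IPv4    = '192.168.0.33'   # address of the existing file server
)
$ErrorActionPreference = 'Stop'

# Step 1: A record for the alias, only if the zone does not already have one.
$record = Get-DnsServerResourceRecord -ZoneName $DnsZone -Name $Alias -RRType A -ErrorAction SilentlyContinue
if (-not $record) {
    Add-DnsServerResourceRecordA -ZoneName $DnsZone -Name $Alias -IPv4Address $IPv4
}

# Step 2: register the short and fully qualified SPNs on the file server.
$serverCn = 'CN=' + [regex]::Escape($Server) + ','
foreach ($spn in "host/$Alias", "host/$Alias.$DnsZone") {
    # setspn -Q prints the DN of any account that already holds the SPN.
    $query = (& setspn.exe -Q $spn | Out-String)
    if ($query -match 'Existing SPN found') {
        if ($query -match $serverCn) {
            Write-Host "$spn is already registered on $Server, skipping"
        } else {
            # Held by another account: do not create a duplicate. Review the
            # owner and remove it with setspn -D before re-running.
            Write-Warning "$spn is registered elsewhere:`n$query"
        }
        continue
    }
    & setspn.exe -S $spn $Server
    if ($LASTEXITCODE -ne 0) { throw "setspn -S $spn $Server failed" }
}

# Step 3: list what the server account now holds so the change can be verified.
& setspn.exe -L $Server
```
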
Examples:
setspn -R daserver1
It will register SPN “HOST/daserver1” and “HOST/{DNS of daserver1}”
setspn -S http/daserver daserver1
It will register SPN “http/daserver” for computer “daserver1” if no such SPN exists in the domain
setspn -D http/daserver daserver1
It will delete SPN “http/daserver” for computer “daserver1”
setspn -F -S http/daserver daserver1
It will register SPN “http/daserver” for computer “daserver1” if no such SPN exists in the forest
setspn -U -S http/daserver dauser
It will register SPN “http/daserver” for user account “dauser” if no such SPN exists in the domain
setspn -T * -T bar -X
It will report all duplicate registration of SPNs in this domain and bar
setspn -T bar -F -Q */daserver
It will find all SPNs of the form */daserver registered in the forest to which bar belongs