AD Service Principal Names

A Service Principal Name (SPN) is a unique identifier of a service instance. Kerberos authentication uses it to link a service instance with a service logon account.

SPNs have the format serviceclass/host:port/servicename

For example: HTTP/www.treyresearch.net:8080

Serviceclass is required and identifies the general class of service, such as SQL.

Host is required and is the name of the computer the service is running on. This may be the FQDN or the NetBIOS name.

Port is optional and is only specified if the default port is not used.
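Because an SPN has to identify exactly one service instance, a practical check is to parse an export of registered SPNs into the serviceclass, host, port and servicename parts described above and flag any SPN held by more than one account. The following is an added example, not part of the original page; the account names and the inventory are constructed, and it assumes that SPNs compare case-insensitively and that the part after the colon is a numeric port.

```python
from collections import defaultdict
from typing import NamedTuple, Optional


class SPN(NamedTuple):
    serviceclass: str
    host: str
    port: Optional[int]
    servicename: Optional[str]


def parse_spn(text: str) -> SPN:
    """Split serviceclass/host[:port][/servicename]; ValueError if malformed."""
    parts = text.strip().split("/", 2)
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError(f"serviceclass and host are required: {text!r}")
    servicename = parts[2] if len(parts) == 3 and parts[2] else None
    host, sep, port_text = parts[1].partition(":")
    if not host:
        raise ValueError(f"host is required: {text!r}")
    port = None
    if sep:  # Assumption: only a numeric port follows the colon.
        if not port_text.isdigit() or not 0 < int(port_text) < 65536:
            raise ValueError(f"invalid port in {text!r}")
        port = int(port_text)
    return SPN(parts[0], host, port, servicename)


def find_duplicates(registrations):
    """Map each SPN registered on more than one account to those accounts."""
    owners = defaultdict(set)
    for account, text in registrations:
        spn = parse_spn(text)
        # Assumption: SPN comparison ignores case, so normalize before grouping.
        key = (spn.serviceclass.lower(), spn.host.lower(), spn.port,
               (spn.servicename or "").lower())
        owners[key].add(account.lower())
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}


# Constructed inventory of (account, SPN) pairs, e.g. from a directory export.
SAMPLE = [
    ("TREY\\svc-web", "HTTP/www.treyresearch.net:8080"),
    ("TREY\\svc-web2", "http/WWW.treyresearch.net:8080"),
    ("TREY\\svc-sql", "MSSQLSvc/sql01.treyresearch.net:1433"),
    ("TREY\\WEB01$", "HOST/WEB01"),
]

if __name__ == "__main__":
    for spn, accounts in find_duplicates(SAMPLE).items():
        print("duplicate SPN", spn, "held by", accounts)
```
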

The default SPNs are registered by the NetLogon service. They are refreshed every 22 minutes after startup.

 


 

Command line: create an SPN
