dbatools is a free PowerShell module with over 200 SQL Server administration, best practice and migration commands included.

Please note that documentation and command names may be out of date while we work furiously towards 1.0


Remove-DbaSpn

This function will take in a -SPN parameter and a -ServiceAccount parameter. It will then connect to Active Directory and add the provided SPN to the provided account name. Once the SPN is set, the function will also set constrained delegation to that service for the account name.

Note that this the account running this command must have membership in Domain Admins, Enterprise Admins, or must have been delegated the appropriate authority. You can pass a [PSCredential] object to the -Credential parameter to easily set the SPN as an alternative user.

Screenshots

The following screenshot shows a way to easily remove SPNS of decommissioned servers.

Both Set and Remove fully support -WhatIf

Examples

Remove the default SPN for the default instance of SQL Server for a service account

Remove-DbaSpn -SPN MSSQLSvc/SQLSERVERC.boatmurder.local:1433 -ServiceAccount ad\sqlc_svc

Use alternate Windows credentials to remove the default SPN for the default instance of SQL Server for a service account

Remove-DbaSpn -SPN MSSQLSvc/SQLSERVERC.boatmurder.local:1433 -ServiceAccount ad\sqlc_svc -Credential (Get-Credential)

Author

This command was created by Drew Furgiuele. You can find Drew tweeting about SQL Server and PowerShell on Twitter and blogging at port1433.com.

Get-Help

From PowerShell, execute Get-Help Remove-DbaSpn -Detailed for more information on this function.

Source Code

Want to see the source code? View Remove-DbaSpn.ps1 on GitHub
 

Related commands