dbatools is a free PowerShell module with over 180 SQL Server administration, best practice and migration commands included.


Set-DbaSpn

This function will take in a -SPN parameter and a -ServiceAccount parameter. It will then connect to Active Directory and add the provided SPN to the provided account name. Once the SPN is set, the function will also set constrained delegation to that service for the account name.

Note that this the account running this command must have membership in Domain Admins, Enterprise Admins, or must have been delegated the appropriate authority. You can pass a [PSCredential] object to the -Credential parameter to easily set the SPN as an alternative user.

Screenshots

You can even use Test-DbaSpn to help easily Set all required SPNs

Examples

Set the default SPN for the default instance of SQL Server for a service account

Set-DbaSpn -SPN MSSQLSvc/SQLSERVERC.boatmurder.local:1433 -ServiceAccount ad\sqlc_svc

Use alternate Windows credentials to set the default SPN for the default instance of SQL Server for a service account

Set-DbaSpn -SPN MSSQLSvc/SQLSERVERC.boatmurder.local:1433 -ServiceAccount ad\sqlc_svc -Credential (Get-Credential)

Author

This command was created by Drew Furgiuele. You can find Drew tweeting about SQL Server and PowerShell on Twitter and blogging at port1433.com.

Get-Help

From PowerShell, execute Get-Help Set-DbaSpn -Detailed for more information on this function.

Source Code

Want to see the source code? View Set-DbaSpn.ps1 on GitHub
 

Related commands