Get-DbaSpn View Source Drew Furgiuele (@pittfurg), port1433.com Windows, Linux, macOS Synopsis Retrieves existing Service Principal Names (SPNs) from Active Directory for SQL Server services
Description Queries Active Directory to return SPNs that are currently registered for SQL Server services on specified computers or service accounts. This is essential for troubleshooting Kerberos authentication issues, as missing or duplicate SPNs prevent clients from authenticating to SQL Server using integrated security. Use this command to audit your current SPN configuration before making changes with Set-DbaSpn or when investigating authentication failures.
Remove-DbaSpn View Source Drew Furgiuele (@pittfurg), port1433.com Windows, Linux, macOS Synopsis Removes Service Principal Names from Active Directory service accounts and cleans up related Kerberos delegation
Description Connects to Active Directory to remove specified SPNs from SQL Server service accounts and automatically cleans up associated Kerberos delegation settings. This is essential when decommissioning SQL Server instances, changing service accounts, or troubleshooting Kerberos authentication issues where duplicate or incorrect SPNs exist.
Repair-DbaInstanceName View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Updates SQL Server’s @@SERVERNAME system variable to match the Windows hostname
Description Updates SQL Server’s @@SERVERNAME system variable to match the current Windows hostname, which is required after renaming a Windows server. This ensures proper functionality for Kerberos authentication and Availability Groups.
The function automatically detects the correct new server name and uses sp_dropserver and sp_addserver to update the SQL Server system tables.
Set-DbaSpn View Source Drew Furgiuele (@pittfurg), port1433.com Windows, Linux, macOS Synopsis Sets an SPN for a given service account in active directory (and also enables delegation to the same SPN by default)
Description This function will connect to Active Directory and search for an account. If the account is found, it will attempt to add an SPN. Once the SPN is added, the function will also set delegation to that service, unless -NoDelegation is specified.
Test-DbaConnectionAuthScheme View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Tests and reports authentication scheme and transport protocol details for SQL Server connections
Description This command queries sys.dm_exec_connections to retrieve authentication and transport details for your current SQL Server session. By default, it returns key connection properties including ServerName, Transport protocol, and AuthScheme (Kerberos or NTLM).
This is particularly valuable for troubleshooting authentication issues when you expect Kerberos but are getting NTLM instead.
Test-DbaInstanceName View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Validates SQL Server instance name consistency with the host OS and identifies rename requirements and potential blockers.
Description When a SQL Server’s host OS is renamed, the SQL Server should be as well. This helps with Availability Groups and Kerberos.
This command compares the SQL Server instance name (from @@servername) with the actual hostname and instance combination to determine if they match.
Test-DbaSpn View Source Drew Furgiuele (@pittfurg), port1433.com , niphlod Windows, Linux, macOS Synopsis Validates Service Principal Name (SPN) configuration for SQL Server instances by comparing required SPNs against Active Directory registrations
Description This function discovers SQL Server instances on target computers and validates their Service Principal Name (SPN) configuration for Kerberos authentication. It addresses the common problem of missing or incorrect SPNs that cause authentication failures and double-hop issues in SQL Server environments.
These commands were updated Feb 8, 2017 (v0.8.709) to incorporate feedback ❤️
Right, so the first thing you need to know is: I’m not Chrissy. My name’s Drew, and I’m here tell you about an exciting new release of dbatools: schwifty!
In this release we’ve added three new commands to help you manage SPNs for SQL Server Kerberos authentication. If you have a lot of linked servers in your environment, then this is probably a welcome addition to the toolset for you.
dbatools