#StackBounty: #active-directory #windows-server-2008-r2 #kerberos #spn setspn does not affect Active Directory Users

Bounty: 50

I run the setspn command for specific user on Domain Controller.

C:>setspn -s example/username.companyname.com username
Checking domain DC=companyname,DC=com

Registering ServiceprincipalNames for CN=username,CN=Users,DC=companyname,DC=com
        example/username.companyname.com
Updated object

And immediately can see result in console.

C:>setspn -L username
Registering ServiceprincipalNames for CN=username,CN=Users,DC=companyname,DC=com
        example/username.companyname.com

But it never affects this user in “Active Directory Users and Computers”.

His attribute “servicePrincipalName” is not set.

Maybe there is some kind of cache?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.