As part of assisting build engineers or working through operational acceptance planning, I often have to discuss or work with Service Principal Names (SPNs).

For most people, even mentioning the word SPN has them running from the many-headed Cerberus, let alone working out how to actually use the setspn.exe commands.

Once calm has ensued I always mention that you can manage Service Principal Names like any other Active Directory Object Attribute through the Active Directory Users and Computers interface.

As most did not know this, I thought I would explain how to do it here.

There are a few rules:-

  1. You must have extended your Active Directory Schema for 2008 (Extend your AD display specifiers)
  2. You must use at least a Windows 2008 Active Directory Users and Computers console
  3. You do not see the attribute editor tab if you search for a user and then open its properties.

Below is an example of adding a SQL Service Principal name to a service account:-

1. Browse for the service account in question and open its properties. Select the Attribute Editor tab.

[Screenshot: SPN-Attribute Editor]

2. Scroll down until you find the Service Principal Name attribute and edit that attribute. Add and remove as required.

[Screenshot: SPN-Attributes]
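
The same attribute edit can be scripted. The following is an added example, not part of the original post: it checks that a SQL SPN is not already registered on another object in the current domain before adding it to the service account's servicePrincipalName attribute. The account name `svc-sql`, the host `sql01.corp.example` and the `$DryRun` variable are constructed placeholders, and the script assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
# Added example. All account and host names are constructed placeholders.
Import-Module ActiveDirectory

$Account = 'svc-sql'                          # hypothetical service account (sAMAccountName)
$Spns    = @(
    'MSSQLSvc/sql01.corp.example:1433',       # hypothetical host, TCP port form
    'MSSQLSvc/sql01.corp.example'             # hypothetical host, no port
)
$DryRun  = $true                              # set to $false to actually write the change

$user = Get-ADUser -Identity $Account -Properties servicePrincipalName

foreach ($spn in $Spns) {
    # An SPN must be unique. Find every object in the current domain that
    # already carries this value (the values above contain no characters
    # that need LDAP filter escaping).
    $holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
    $others  = @($holders | Where-Object { $_.DistinguishedName -ne $user.DistinguishedName })

    if ($others.Count -gt 0) {
        # Registered elsewhere: adding it again would create a duplicate SPN.
        Write-Warning "$spn is already registered on: $($others.DistinguishedName -join '; ')"
        continue
    }
    if ($holders.Count -gt 0) {
        Write-Output "$spn is already present on $Account"
        continue
    }

    # Same edit as the Attribute Editor tab: add one value to servicePrincipalName.
    Set-ADUser -Identity $user -ServicePrincipalNames @{ Add = $spn } -WhatIf:$DryRun
}

# Show the attribute as it now stands on the account.
(Get-ADUser -Identity $Account -Properties servicePrincipalName).servicePrincipalName |
    Sort-Object
```

With `$DryRun` left at `$true`, `Set-ADUser` only reports what it would change, so the uniqueness check can be reviewed before anything is written.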