Skip to content

AddsServicePrincipalNames.adoc

Latest commit

 

History

History
100 lines (78 loc) · 2.76 KB

AddsServicePrincipalNames.adoc

File metadata and controls

100 lines (78 loc) · 2.76 KB

DSC Resource 'AddsServicePrincipalNames'

AddsServicePrincipalNames manages Service Principal Names within Active Directory.

When to use 'AddsServicePrincipalNames'

Use this resource when you need to register or manage Kerberos Service Principal Names (SPNs) on AD objects. SPNs are required for Kerberos authentication to work correctly with services like SQL Server, IIS, or custom applications running under domain accounts.

A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. This allows a client application to request that the service authenticate an account even if the client does not have the account name.

Source

DSC Resource

Documentation
Table 1. Attributes of category 'AddsServicePrincipalNames'
Parameter Attribute DataType Description Allowed Values

ServicePrincipalNames

Hashtable[]

The list of service principal name to configure.
Table 2. Attributes of DSC Resource 'AddsServicePrincipalNames/ServicePrincipalNames'
Parameter Attribute DataType Description Allowed Values

ServicePrincipalName

Key

String

The full SPN to add or remove, e.g. HOST/LON-DC1.

Account

String

The user or computer account to add or remove the SPN to, e.g. User1 or LON-DC1$.

If Ensure is set to Present, a value must be specified.

Default: ''

Ensure

String

Specifies if the service principal name should be added or removed.

  • Present (default)

  • Absent
Example
AddsServicePrincipalNames:
  ServicePrincipalNames:
    - Account: nyanhp
      ServicePrincipalName: HOST/JHP
    - Account: nyanhp
      ServicePrincipalName: WINRM/JHP