How To Manage Active Directory SPNs Using PowerShell

A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. This allows a client application to request that the service authenticate an account even if the client does not have the account name.

In this video, we will go through how to manage SPNs with PowerShell. Using the Get-ADUser command from the ActiveDirectory module, we will view the currently configured SPNs by querying the ServicePrincipalNames property. Using the Get-ADUser command, we will then explore how to Add, Remove and Replace SPNs in the ServicePrincipalNames property. Finally, we will go over how to clear all SPN values for an account.

Prerequisites include:

- ActiveDirectory PowerShell Module
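
The view, add, remove, replace and clear operations described above, as an added example that is not taken from the video; changes are written with Set-ADUser's -ServicePrincipalNames parameter. The account name `svc-web`, the SPN strings and the helper `Add-SpnIfUnique` are constructed placeholders, and the helper adds a uniqueness check before registering an SPN.

```powershell
# Added example. 'svc-web', the SPN values and Add-SpnIfUnique are hypothetical.
Import-Module ActiveDirectory

$account = 'svc-web'                       # placeholder service account
$spn     = 'HTTP/web01.corp.example.com'   # placeholder SPN

# View: ServicePrincipalNames is not returned by default, so request it.
(Get-ADUser -Identity $account -Properties ServicePrincipalNames).ServicePrincipalNames

function Add-SpnIfUnique {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$Spn
    )
    $target = Get-ADUser -Identity $Identity

    # An SPN has to resolve to exactly one account. Look for any other
    # object that already holds it (this searches the current domain only).
    $owners = @(Get-ADObject -Filter "servicePrincipalName -eq '$Spn'" |
        Where-Object { $_.DistinguishedName -ne $target.DistinguishedName })

    if ($owners.Count -gt 0) {
        throw "SPN '$Spn' is already registered on: $($owners.DistinguishedName -join '; ')"
    }

    # Add: appends the value and leaves existing SPNs untouched.
    Set-ADUser -Identity $target -ServicePrincipalNames @{ Add = $Spn }
}

Add-SpnIfUnique -Identity $account -Spn $spn

# Remove: deletes only the named value.
Set-ADUser -Identity $account -ServicePrincipalNames @{ Remove = $spn }

# Replace: overwrites the whole list with the values given.
Set-ADUser -Identity $account -ServicePrincipalNames @{
    Replace = 'HTTP/web01.corp.example.com', 'HTTP/web01'
}

# Clear: removes every SPN from the account.
Set-ADUser -Identity $account -ServicePrincipalNames $null

# Confirm the final state.
Get-ADUser -Identity $account -Properties ServicePrincipalNames |
    Select-Object SamAccountName, ServicePrincipalNames
```

Appending `-WhatIf` to any of the Set-ADUser calls shows the change without writing it to the directory.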