How to easily Check your SPN and Delegation settings for SQL Server in an Active Directory environment

, ,

I was recently setting up some Linked SQL Servers for a customer to perform queries against a database on one server through another. One of the things you need to get right when setting up linked servers when using Service accounts in Active Directory is SPNs (or Service Principal Names) and Authority to Delegate (for Kerberos authentication) which can sometimes be quite cumbersome through ADUC or ADSI edit.

I then stumbled upon a little tool from Microsoft called the Microsoft Kerberos Configuration Manager for SQL Server. Running this little tool on the two SQL servers I could quickly and more easily see the SPNs (see picture to the right) and Delegation permissions.  As one server was quite old (and before my time) I could easily see that the SPNs configured for that particular service account were incorrect and the tool even allows you to fix this by generating the correct SPN. Hope that helps save some time in the future.


Leave a Reply

More Posts

Enable the Intel 82579V Giagbit NIC on Server 2016

An old draft I’ve had for a while, just posting for posterity and safe keeping. So I’ve done a few upgrades to my VM Host machine and decided to go up to Windows Server 2016, once installed and at the desktop, I found my onboard LAN port wasn’t coming up, so I downloaded the driver […]

Remove all disabled user from an Active Directory Group with Power Shell using Quest Active Roles AD Management

The following code snippet which I ran through PowerShell ISE (learn how to get it on Windows Server) will remove all disabled users from a particular group.  Useful for the end of year / start of year clean up in a school environment. You will need the ActiveRoles Management Shell for Active Directory, available by […]

Office 2010 and Windows Sysprep Adventures

For our new roll out next year, we are deploying Microsoft Office 2010 and using KMS as our licensing method. Througthe use of sysprep’s generalize command, Windows will flush its Activation Status and associated hardware ID as well as rearming the activation state to its fresh install state (grace period). With the introduction of Office […]