Skip to content

Support for Accepted SPN #10393

Description

@rtrocmn

Summarize Functionality

It would be great if we could set and get Accepted SPN for use with Extended Protection, by adding commands or extending the Get/Set -DbaSpn or Get/Set -DbaExtendedProtection commands.

Is there a command that is similiar or close to what you are looking for?

Yes

Technical Details

https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/connect-to-the-database-engine-using-extended-protection

Using WMI

$namespace = "root\Microsoft\SqlServer\ComputerManagement15"

$spnList = "MSSQLSvc/sql01.domain.local:1433;MSSQLSvc/sql01:1433"

$wmi = Get-WmiObject -Namespace $namespace `
  -Class ServerNetworkProtocolProperty |
Where-Object {
    $_.PropertyName -eq "AcceptedSPNs" -and
    $_.InstanceName -eq "MSSQLSERVER"
}

$wmi.PropertyStrVal = $spnList
$wmi.Put()

Direct Registry modification

$instanceId = "MSSQL15.MSSQLSERVER"  # adjust

$path = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$instanceId\MSSQLServer\SuperSocketNetLib"

Set-ItemProperty -Path $path `
  -Name "AcceptedSPNs" `
  -Value "MSSQLSvc/sql01.domain.local:1433;MSSQLSvc/sql01:1433"

Metadata

Metadata

Assignees

No one assigned

    Labels

    featuretriage requiredNew issue that has not been reviewed by maintainers

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions