Summarize Functionality
It would be great if we could set and get Accepted SPN for use with Extended Protection, by adding commands or extending the Get/Set -DbaSpn or Get/Set -DbaExtendedProtection commands.
Is there a command that is similiar or close to what you are looking for?
Yes
Technical Details
https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/connect-to-the-database-engine-using-extended-protection
Using WMI
$namespace = "root\Microsoft\SqlServer\ComputerManagement15"
$spnList = "MSSQLSvc/sql01.domain.local:1433;MSSQLSvc/sql01:1433"
$wmi = Get-WmiObject -Namespace $namespace `
-Class ServerNetworkProtocolProperty |
Where-Object {
$_.PropertyName -eq "AcceptedSPNs" -and
$_.InstanceName -eq "MSSQLSERVER"
}
$wmi.PropertyStrVal = $spnList
$wmi.Put()
Direct Registry modification
$instanceId = "MSSQL15.MSSQLSERVER" # adjust
$path = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$instanceId\MSSQLServer\SuperSocketNetLib"
Set-ItemProperty -Path $path `
-Name "AcceptedSPNs" `
-Value "MSSQLSvc/sql01.domain.local:1433;MSSQLSvc/sql01:1433"
Summarize Functionality
It would be great if we could set and get Accepted SPN for use with Extended Protection, by adding commands or extending the Get/Set -DbaSpn or Get/Set -DbaExtendedProtection commands.
Is there a command that is similiar or close to what you are looking for?
Yes
Technical Details
https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/connect-to-the-database-engine-using-extended-protection
Using WMI
Direct Registry modification