2 questions about set spn and active directory users and computers in server2008r2
-
terça-feira, 1 de maio de 2012 20:50
hello,
I run dcpromo and promote my computer as domain controler in new forest and new domain.
1-first when I go to active directory users and computers I don't see under computer tab any computer name(of my domain conroller). is this normal when you have only one domain controller installed without clients or other servers?
2--also to enable a user to trusted for delegation I don't see any delegation tab on the user properties. so I searched in google and found that I have to configure SPN for users. with setspn.exe utility. but now I am confused, when I use set spn command do I have to use (a) switch or (S) switch to configure spn for trusted account.
my computer FQDN is dave.john.local ,dave is my computer name and john.local is my domain name,and my account name is bob. can you give me a little example from this names how I have to use here setspn command to configure spn for my trusted user account?which switch I have to use here a or S?
second ,do I have to run spn also for my computer domain name,if yes can you also give me a little example? very short answers and very short examples wil be enough.
thanks very much
johan
h.david
h.david
Todas as Respostas
-
terça-feira, 1 de maio de 2012 21:12
Hello,
1-first when I go to active directory users and computers I don't see under computer tab any computer name(of my domain conroller). is this normal when you have only one domain controller installed without clients or other servers?
You will find it under "Domain Controllers" OU. Please don't move it from there.
2--also to enable a user to trusted for delegation I don't see any delegation tab on the user properties. so I searched in google and found that I have to configure SPN for users. with setspn.exe utility. but now I am confused, when I use set spn command do I have to use (a) switch or (S) switch to configure spn for trusted account.
If you have missing tabs, consider clicking on View > Advanced features.
For examples about using setspn command: http://technet.microsoft.com/en-us/library/cc731241%28v=ws.10%29.aspx
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer- Sugerido como Resposta Santosh BhandarkarMicrosoft Community Contributor, Moderator quarta-feira, 2 de maio de 2012 08:46
- Marcado como Resposta hovhannes david sexta-feira, 4 de maio de 2012 15:43
-
quarta-feira, 2 de maio de 2012 08:36Moderador Hi david,1. Yes, it's normal, after a computer is promoted to be a domain controller, it will be located to Domain Controllers OU instead of Computers container.
2. You should use setspn -a <SPN> domain\username command to register the service SPN for the user account, like: setspn -a http/webserver.domain.com domain\username. For more information about how to use SPN, please refer to: http://technet.microsoft.com/en-us/library/cc731241%28v=ws.10%29.aspx
Regards,Cicely- Editado Cicely FengMicrosoft Contingent Staff, Moderator quarta-feira, 2 de maio de 2012 08:37
- Sugerido como Resposta Santosh BhandarkarMicrosoft Community Contributor, Moderator quarta-feira, 2 de maio de 2012 08:47
- Marcado como Resposta hovhannes david sexta-feira, 4 de maio de 2012 15:43
.png)
