SPNs

Active Directory Service Principal Names (SPNs) Descriptions

Excellent article describing how Service Principal Names (SPNs) are used by Kerberos and Active Directory:
Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe)

This page is a comprehensive reference (as comprehensive as possible) for Active Directory Service Principal Names (SPNs). As I discover more SPNs, they will be added.

NOTE:

Domain Controllers automatically map common SPNs to the “HOST” SPN.

The HOST SPN is automatically added to the ServicePrincipalName attribute for all computer accounts when the computer is joined to the domain.

The Domain Controller SPN mapping is controlled by the sPNMappings attribute of the Directory Service object in the Configuration partition:
"CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,…"

The following service classes are automatically mapped to HOST (the sPNMappings attribute value):

  • alerter
  • appmgmt
  • cisvc
  • clipsrv
  • browser
  • dhcp
  • dnscache
  • replicator
  • eventlog
  • eventsystem
  • policyagent
  • oakley
  • dmserver
  • dns
  • mcsvc
  • fax
  • msiserver
  • ias
  • messenger
  • netlogon
  • netman
  • netdde
  • netddedsm
  • nmagent
  • plugplay
  • protectedstorage
  • rasman
  • rpclocator
  • rpc
  • rpcss
  • remoteaccess
  • rsvp
  • samss
  • scardsvr
  • scesrv
  • seclogon
  • scm
  • dcom
  • cifs
  • spooler
  • snmp
  • schedule
  • tapisrv
  • trksvr
  • trkwks
  • ups
  • time
  • wins
  • www
  • http
  • w3svc
  • iisadmin
  • msdtc


Here's the PowerShell code to pull the value of the Directory Service attribute sPNMappings:

Import-Module ActiveDirectory

# The Configuration partition sits under the forest root domain, so take its DN
# from the RootDSE instead of building it from the current domain's DN (which
# returns nothing when run from a child domain).
$ConfigNC = (Get-ADRootDSE).configurationNamingContext

(Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$ConfigNC" `
    -Partition $ConfigNC -Properties sPNMappings).sPNMappings

The results:

host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,
oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,
plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,
seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,
iisadmin,msdtc
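The note above says that a DC treats a request for, say, cifs/server as a request for HOST/server. The script below is an added example, not code from the original page: it parses the sPNMappings value into an alias-to-target table and shows which SPN a given request resolves to. The function names (ConvertFrom-SpnMapping, Resolve-MappedSpn), the host names, and the sample mapping string (copied from the result text above) are constructed for the example, so it runs offline without an AD connection.

```powershell
# Added example (not from the original page): parse sPNMappings and resolve
# requested SPNs through it. The sample value below is constructed from the
# attribute value shown on this page; the real attribute is multi-valued, with
# each value of the form "target=alias1,alias2,...".
$SampleSpnMappings = @(
    'host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,' +
    'oakley,dmserver,dns,mcsvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,' +
    'plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,' +
    'seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,' +
    'iisadmin,msdtc'
)

function ConvertFrom-SpnMapping {
    # Turns one or more "target=alias,alias,..." strings into a hashtable of
    # alias -> target (e.g. 'cifs' -> 'host'). Hashtable keys are case-insensitive,
    # which matches how service classes are compared.
    param([Parameter(Mandatory)][string[]]$MappingValue)

    $map = @{}
    foreach ($value in $MappingValue) {
        $target, $aliasList = $value -split '=', 2
        if (-not $aliasList) { continue }   # malformed value: no '=' or nothing after it
        foreach ($alias in ($aliasList -split ',')) {
            $alias = $alias.Trim().ToLowerInvariant()
            if ($alias) { $map[$alias] = $target.Trim().ToLowerInvariant() }
        }
    }
    return $map
}

function Resolve-MappedSpn {
    # Given an SPN such as 'cifs/server01.corp.example.com', returns the SPN the
    # mapping points to ('host/server01.corp.example.com'); an SPN whose service
    # class is not an alias in the mapping is returned unchanged.
    param(
        [Parameter(Mandatory)][string]$Spn,
        [Parameter(Mandatory)][hashtable]$Mapping
    )

    $serviceClass, $rest = $Spn -split '/', 2
    if (-not $rest) { throw "Not a valid SPN (expected serviceclass/host[:port][/name]): $Spn" }

    $target = $Mapping[$serviceClass.ToLowerInvariant()]
    if ($target) { return "$target/$rest" }
    return $Spn
}

$mapping = ConvertFrom-SpnMapping -MappingValue $SampleSpnMappings

# Constructed requests resolved against the sample mapping.
$requests = @(
    'cifs/server01.corp.example.com'         # -> host/server01.corp.example.com
    'http/web01.corp.example.com:8080'       # -> host/web01.corp.example.com:8080
    'MSSQLSvc/sql01.corp.example.com:1433'   # not an alias; returned unchanged
)
foreach ($spn in $requests) {
    '{0,-40} -> {1}' -f $spn, (Resolve-MappedSpn -Spn $spn -Mapping $mapping)
}
```

To audit a real forest, replace $SampleSpnMappings with the live attribute value returned by the Get-ADObject command above; the rest of the script is unchanged. Because the table is built from the attribute rather than a hard-coded list, any alias an administrator has added or removed from sPNMappings shows up in the resolution immediately, which is the point of checking the attribute instead of assuming the default list.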

