
I am trying to make a script that runs a cmd command to set SPNs: something to the effect of, for each item in my list, run setspn -s (name of the SPN) domain\service account. But I am having a hard time running the command line, as well as needing to be able to change the name of the SPN as I go through the list.

```powershell
$List = Get-Content C:\Users\MyComputer\Desktop\Lists.txt
foreach($PN in $List){
$Semper_fi = @'
cmd.exe /C setspn –S "some SPN name\corp.com:1000" corporatedomain\ServiceAccount1
'@
Invoke-Expression -Command:$Semper_fi
}
```

-S is supposed to look in AD and, if the name doesn't exist, add it; otherwise it moves on to the next item, and so on. But it gives me an error: + CategoryInfo : NotSpecified: (Unknown paramet...eck your usage.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError

So it would look like this for every name in the list: (check to see if it's not in AD, then add this) (this SPN) setspn -s serverSQL1/pop1.company.com:2500

(under this service account) Domain\Service100

and keep going until done.

  • The actual command that I can run in cmd is: setspn –A "MySQL/PM1.corp.com:2643" domain\serviceacccount. The -A is a switch that can be -S and -D and so on. I need to be able to run this command using PowerShell. – AlwaysWrong Sep 07 '16 at 17:34
  • Why use cmd.exe? Just run setspn.exe. [This article](http://windowsitpro.com/powershell/running-executables-powershell) has a utility called `showargs.exe` that will let you see the command line PowerShell constructs and some tips that will help you create the setspn.exe command line correctly in PowerShell. – Bill_Stewart Sep 08 '16 at 03:18

2 Answers


I think the only issue with your syntax is that you need to drop the : from your Invoke-Expression, as it is not called for in the cmdlet specification. Then you can put in your name from the list by replacing "some SPN name" with $($PN).

However, you can clean up your loop if you drop Invoke-Expression entirely and use the call operator & instead. In that case you would replace the entirety of the inside of your foreach loop with

```powershell
& cmd.exe /C setspn –S $PN\corp.com:1000 corporatedomain\ServiceAccount1
```

I'm about 90% sure that should work, but I don't have a test environment where I can muck around with SPNs available right now, so I can't confirm. If you get any kind of error, please let me know and I will try to help you sort it out.

Mike Garuccio
  • It doesn't work; it gives the same error again. My code looks like this: $List = Get-Content C:\Users\mypc\Desktop\Lists.txt foreach($PN in $List){ & cmd.exe /C setspn –D "MSSQ/PM1.US.world.com:2643" na\s01234 } – AlwaysWrong Sep 07 '16 at 19:02

Thanks for the starter; it pointed me in the right direction. In the end, this is what worked for me:

```powershell
$List = Get-Content C:\scripts\servernames.csv
foreach($PN in $List)
{
    $SB1 = "MSSQLSvc/" + $PN + ".domain.local"
    $SB2 = "MSSQLSvc/" + $PN + ".domain.local:1433"
    setspn -s $SB1 domain\service-account
    setspn -s $SB2 domain\service-account
}
```
Jeremy Caney
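The question's script and the working loop above differ in one character that explains the "Unknown parameter" error: the failing lines use an en dash (U+2013) before the switch, the working one an ASCII hyphen. The following is an added example, not code from the question or either answer; it wraps the working loop in a function that calls setspn.exe directly (no cmd.exe, no Invoke-Expression), records the exit code per SPN, and includes a small check you can run on a pasted command line to find non-ASCII dashes. It assumes setspn.exe is on PATH on a domain-joined host and that the caller may write servicePrincipalName on the target account; file paths, suffix and account name are placeholders.

```powershell
# Added example (not from the original question or answers). Assumes setspn.exe
# is on PATH and the caller may write servicePrincipalName on the target account.

function Find-NonAsciiDash {
    param([Parameter(Mandatory)] [string] $CommandLine)
    # Returns the 0-based positions of en/em dashes (U+2013/U+2014). They render
    # like '-' in editors and documents but setspn.exe rejects them as a switch.
    [regex]::Matches($CommandLine, '[\u2013\u2014]') | ForEach-Object { $_.Index }
}

function Register-SqlSpn {
    param(
        [Parameter(Mandatory)] [string[]] $HostNames,   # one short host name per entry
        [Parameter(Mandatory)] [string]   $Account,     # placeholder: 'domain\service-account'
        [string] $DnsSuffix = 'domain.local',           # placeholder suffix
        [int]    $Port      = 1433
    )
    foreach ($h in $HostNames) {
        $h = $h.Trim()
        if (-not $h) { continue }                       # skip blank lines from Get-Content
        $fqdn = "$h.$DnsSuffix"
        foreach ($spn in @("MSSQLSvc/$fqdn", "MSSQLSvc/${fqdn}:$Port")) {
            # Call the executable directly so PowerShell passes each token as its own
            # argument. -S (ASCII hyphen) checks the forest for a duplicate before adding.
            $out = & setspn.exe -S $spn $Account 2>&1
            [pscustomobject]@{
                Spn      = $spn
                Account  = $Account
                ExitCode = $LASTEXITCODE           # non-zero means setspn refused or failed
                Output   = ($out | Out-String).Trim()
            }
        }
    }
}

# Diagnose a pasted line first (constructed sample: en dash before S, as in the question).
Find-NonAsciiDash 'setspn –S "MSSQLSvc/host.domain.local:1433" domain\svc'   # -> 7

# Then register from a one-name-per-line list (placeholder path), reviewing each result.
# Register-SqlSpn -HostNames (Get-Content 'C:\scripts\servernames.csv') `
#                 -Account 'domain\service-account' | Format-Table -AutoSize
```

Rows with a non-zero ExitCode are the ones to inspect; with -S a duplicate SPN is reported rather than silently added, which is the "check first, then add" behaviour the question asked for.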