I need to be able to manage SQL Server SPNs in a large estate but using the setspn command is a bit too slow.
Is there an alternative to the setspn command that is faster? Perhaps in the ActiveDirectory PowerShell module?
Thanks
Asked
Active
Viewed 952 times
1
-
5There's a reason SetSPN is slow - it's querying the directory to ensure no collisions will occur - are you sure you want to forego all the nice error handling setspn gives you for free? – Mathias R. Jessen May 22 '17 at 13:16
-
2Also, what are the speed requirements? SetSPN is called once on server build. Even if you're building 100 servers, put them in a file, write a script to iterate over there file, and go get lunch. – Ben Thul May 23 '17 at 05:20
-
@Mathias, thanks. I need the error handling. I was hoping though that there was perhaps a faster alternative to the 'setspn' command – Luke May 23 '17 at 06:09
-
@Ben, my issue lies with *setspn -L
* for 200 accounts. The quicker the better. – Luke May 23 '17 at 06:11
1 Answers
1
I am not aware of any method outside of setspn to manage SPNs. I mean even if you get some 3rd party solution, expect it is still going to be calling that in the background as it is the utility used in AD for that purpose.
The dbatools module includes functions around managing SPNs for SQL Server. In testing they have performed a bit better than Microsoft's Kerberos Configuration Manager. I mean in a large domain it may not be the fastest, but it will offer you the ability to automate the validation/setting/etc.
The commands available:
This module is maintained/hosted on GitHub so you can find the code here.