A Service Principal Name (SPN) is a concept familiar to anyone who works with Active Directory. An SPN is an attribute that identifies a service instance; it lets clients name the resource they need to connect to, and it is essential for applications that use Kerberos authentication.
SharePoint is a popular platform that uses Kerberos authentication for its applications. When an SPN is set up correctly, Kerberos authentication can be used to provide secure access to SharePoint applications.
Enabling an SPN for SharePoint is a simple process, but there are a few essential steps that need to be followed.
The first step is to identify the service account that is used to run the SharePoint application pool. This service account is the identity that is used to authenticate requests to the SharePoint application.
To identify this account, open Internet Information Services (IIS) Manager, click the Application Pools node, and then look for the SharePoint application pool. Right-click the application pool and select Properties. On the General tab, you will see the name of the identity that is used to run the application pool.
Once you have identified the SharePoint service account, the next step is to create an SPN for it. To create an SPN, you need to use the SetSPN command-line tool. This tool is available on all Windows servers that have the Active Directory Domain Services role installed.
Open a command prompt window and type the following command:
setspn -a http/servername.domain.com domain\service_account
Replace servername.domain.com with the name of the server where SharePoint is installed. Replace domain\service_account with the name of the domain and the service account name that you identified earlier.
After running the SetSPN command, you can use the Ldp tool to verify that the SPN has been created correctly. Like SetSPN, Ldp is available on all Windows servers that have the Active Directory Domain Services role installed.
Open the Ldp tool, click on Connection in the menu and then click on Connect. Enter the name of the domain controller that you want to connect to and click OK. Click on Connection again and then click on Bind. Enter your domain credentials and click OK.
Click on View in the menu and then click on Tree. Enter the root domain of your Active Directory forest and click OK. Click on Expand to expand the domain, and then navigate to the CN=Users container.
Right-click on the service account that you identified earlier and select Properties. Scroll down to the servicePrincipalName attribute, and you should see the SPN that you created earlier.
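The three steps above (identify the application pool identity, register the SPN, verify it in Active Directory) can also be carried out from PowerShell, which makes it easy to add the one check a practitioner most wants before registering: that no other account already holds the same SPN, since a duplicate SPN breaks Kerberos for every account involved. The script below is an added example and is not from the original article; the pool name, host name and domain are assumed values, and it requires the WebAdministration and ActiveDirectory (RSAT) modules on the SharePoint server.

```powershell
# Added example (not from the original article): register and verify the
# SharePoint HTTP SPN with a duplicate check.
# Assumed values: application pool "SharePoint - 80", site host sp.contoso.com.
Import-Module WebAdministration    # IIS:\ drive (IIS 7 and later)
Import-Module ActiveDirectory      # Get-ADUser / Get-ADObject (RSAT-AD-PowerShell)

$poolName = 'SharePoint - 80'      # assumed application pool name
# The host part must be the name clients type in the site URL, not necessarily
# the machine name; register both if they differ.
$spn      = 'HTTP/sp.contoso.com'

# Step 1: identity running the application pool.
$pool    = Get-Item "IIS:\AppPools\$poolName"
$account = $pool.processModel.userName          # e.g. CONTOSO\sp_apppool
if (-not $account) {
    throw "Pool '$poolName' runs as a built-in identity; Kerberos needs a domain account."
}
$sam  = $account.Split('\')[-1]                 # sAMAccountName without the domain prefix
$user = Get-ADUser -Identity $sam -Properties servicePrincipalName

# Step 2: refuse to register if any other object already holds this SPN.
$holders = Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties servicePrincipalName |
           Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
if ($holders) {
    throw "SPN $spn is already registered on: $($holders.DistinguishedName -join ', ')"
}

# setspn -S also checks for duplicates forest-wide before adding (preferred over -A).
if ($user.servicePrincipalName -notcontains $spn) {
    setspn -S $spn $account
}

# Step 3: verify by reading the attribute back from Active Directory,
# the same check the article performs by hand in Ldp.
$user = Get-ADUser -Identity $sam -Properties servicePrincipalName
if ($user.servicePrincipalName -contains $spn) {
    Write-Output "SPN $spn is registered on $account"
} else {
    throw "SPN $spn was not registered on $account"
}
```

Run it in an elevated PowerShell session as a user allowed to write servicePrincipalName on the service account (Domain Admins, or a delegated "Validated write to service principal name" right). The duplicate check is done twice on purpose: once against the directory before calling setspn, and once more by setspn -S itself.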
Enabling an SPN for SharePoint is a crucial step in providing secure access to your SharePoint applications. By correctly setting up an SPN, Kerberos authentication can be used, which provides a more secure and efficient method of authentication.
In conclusion, enabling an SPN is a simple task that requires attention to detail. Identifying the service account that runs the SharePoint application pool and creating an SPN for it are essential steps that need to be followed. By following these steps, you can ensure that your SharePoint applications are protected by Kerberos authentication.