List, add or remove SPN is done through setspn.exe.
We want to add an SPN gassvc/gasserver.intranet.corporate.com on Myuser user account, we need to set two SPNs to respect the compatibility with older Windows™ that use NETBIOS name:
- gassvc/gasserver.intranet.corporate.com on Myuser
- gassvc/GASSERVER on Myuser
Commands to set these SPNs:
>setspn -A gassvc/gasserver.intranet.corporate.com STRASBOURG\Myuser
Registering ServicePrincipalNames for CN=Myuser,CN=Users,DC=intranet,
DC=corporate,DC=com
gassvc/gasserver.intranet.corporate.com
Updated object
>setspn -A gassvc/GASSERVER STRASBOURG\Myuser
Registering ServicePrincipalNames for CN=Myuser,CN=Users,DC=intranet,
DC=corporate,DC=com
gassvc/GASSERVER
Updated object
Command to list SPN:
>setspn -L Myuser
Registered ServicePrincipalNames for CN=Myuser,CN=Users,DC=intranet,
DC=corporate,DC=com
gassvc/GASSERVER
gassvc/gasserver.intranet.corporate.com
Example of SPN usage
Figure 1. SPN Usage