How to populate serviceprincipalname of an Active Directory (AD) user? (4270797)

How to populate serviceprincipalname or other attributes of an Active Directory (AD) user?

You can use vastool setattrs command:

Usage: vastool setattrs [-dgsumrfi] [-U uri] {objectname} [attribute] [value]
-d       Interpret the objectname as an LDAP DN
-g       Interpret the objectname as a group name
-s       Interpret the objectname as a Kerberos service principal name
-u       Interpret the objectname as a user name
-m       Set a multi-valued attribute. Arg format: [attr value...]
-r       Remove the listed attributes. Arg format: [attr...]
-U uri   URI of server name to perform search against
-f       Objectname is the path of a file that contains DN's to modify
-i       Read attribute value from stdin (invalid with -m and -r). Arg format: {attr}

Example:

#  vastool -u administrator setattrs tuser1 serviceprincipalname vas/tuser1

On Windows based machines:

You need to use the setspn.exe utility

Please see the following Microsoft article for more information:

http://technet.microsoft.com/en-us/library/cc773257%28WS.10%29.aspx