-
标题
How to populate serviceprincipalname of an Active Directory (AD) user? -
说明
How to populate serviceprincipalname or other attributes of an Active Directory (AD) user?
-
解决办法
You can use vastool setattrs command:
Usage: vastool setattrs [-dgsumrfi] [-U uri] {objectname} [attribute] [value]
-d Interpret the objectname as an LDAP DN
-g Interpret the objectname as a group name
-s Interpret the objectname as a Kerberos service principal name
-u Interpret the objectname as a user name
-m Set a multi-valued attribute. Arg format: [attr value...]
-r Remove the listed attributes. Arg format: [attr...]
-U uri URI of server name to perform search against
-f Objectname is the path of a file that contains DN's to modify
-i Read attribute value from stdin (invalid with -m and -r). Arg format: {attr}
Example:# vastool -u administrator setattrs tuser1 serviceprincipalname vas/tuser1
On Windows based machines:
You need to use the setspn.exe utility
Please see the following Microsoft article for more information:
http://technet.microsoft.com/en-us/library/cc773257%28WS.10%29.aspx