Open KennyNeal opened 6 months ago
It might work better as a property on the Test-DbaSpn
output?
Looking at the code, I don't see an easy way to do that. The code is working with methods of the ad objects, not creating some kind of script.
Maybe you can provide an example "script" that you would like to be created.
After thinking about this more, I really think a better solution is to use something like the below. This will produce a setspn.cmd
that will create the applicable SPNs. It won't add the Kerberos Delegation that Set-DbaSpn
does though.
test-dbaspn computername | ForEach-Object { "setspn -S $($_.requiredspn)" } | Set-Content setspn.cmd
I'm not sure if dbatools
should get into dynamically creating setspn
commands?
I see this clearly out of scope of dbatools and will not work on this issue.
Summarize Functionality
DBAs do not always have permission to change AD. Set-DbaSpn could export the setspn scripts that could be handed off to a team with proper permissions. This is similar to what can be generated from the Kerberos Configuration Manager for SQL Server.
Is there a command that is similiar or close to what you are looking for?
No
Technical Details
Kerberos Configuration Manager for SQL Server