Get-DbaSpn - Users expect it to act like setspn -l domain\account #685

Open
ctrlbold opened this Issue Feb 8, 2017 · 1 comment

Projects

None yet

4 participants

@ctrlbold
Member
ctrlbold commented Feb 8, 2017 edited

Is this a feature OR bug:

Both? Needs docs

Details

Basically, someone thought some entries were missing

> setspn -l
MSSQLSvc/CORPSQL1.system.CORPDOMAIN:50141
MSSQLSvc/CORPSQL1:50141
MSSQLSvc/CORPSQL1\PORTOCENTRE:50141
MSSQLSvc/CORPSQL1.system.CORPDOMAIN\PORTOCENTRE:50141

> Get-DbaSpn -ComputerName CORPSQL1 | select SPN
MSSQLSvc/CORPSQL1.system.CORPDOMAIN
MSSQLSvc/CORPSQL1.system.CORPDOMAIN:1433

> setspn -l
mssqlsvc/CORPSQL2
mssqlsvc/CORPSQL2.system.CORPDOMAIN:1433
mssqlsvc/CORPSQL2:1433
mssqlsvc/CORPSQL2.system.CORPDOMAIN\portocentre
mssqlsvc/CORPSQL2\portocentre
mssqlsvc/CORPSQL2:49850
mssqlsvc/CORPSQL2.system.CORPDOMAIN:49580

> Get-DbaSpn -ComputerName CORPSQL2 | select SPN
MSSQLSvc/CORPSQL2.system.CORPDOMAIN:1433
MSSQLSvc/CORPSQL2.system.CORPDOMAIN:49580

Ultimately, he had to run

Get-DbaSpn -AccountName domain\sqlserver | Where-Object SPN -like *CORPSQL1* | Select SPN

To get it to work as he expected. Which is fine, but we need to clarify both in Get-DbaSpn's Help and on the webpage.

@forensicsguy20012004

Yeah I think I found something along these lines as well

result of Get-DbaSpn

ComputerName : Myserver.domain.net
InstanceName : MSSQLSERVER
SqlProduct : SQL Server 20xx Enterprise Edition (64-bit)
InstanceServiceAccount : NT SERVICE\MSSQLSERVER
RequiredSPN: MSSQLSvc/Myserver.domain.net:port
IsSet : False
Cluster : False
TcpEnabled : True
Port : MyPort
DynamicPort : False
Warning : None
Error : SPN missing

However with setspn -l Myserver:

MSSQLSvc/Myserver.domain.net:Port
MSSQLSvc/Myserver.domain.net

Since my SQL is running at [NT SERVICE\MSSQLSERVER], Get-DbaSpn does not show a valid SPN but the old school setspn -l does show a valid SPN.

Looks like something that just needs to be investigated a little bit further. Either way...AWESOME WORK

@ctrlbold ctrlbold added a commit that referenced this issue Feb 13, 2017
@ctrlbold ctrlbold fixes #713 and #685 b0f6a88
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment