Your network contains an Active Directory domain named contoso.com.
The domain contains a web application that uses Kerberos authentication.
You change the domain name of the web application.
You need to ensure that the service principal name (SPN) for the application is registered.
Which tool should you use?
A.
Rdspnf
B.
Active Directory Users and Computers
C.
Dnscmd
D.
Ldifde
Should be D.
You can use LDIFDE to export a textfile with all used spn.
https://social.technet.microsoft.com/wiki/contents/articles/18996.active-directory-powershell-script-to-list-all-spns-used.aspx
11
5
I also think that the answer is D otherwise it would have to use adsedit.msc
5
0
The given answer is correct. It used to be setspn. But in Windows 2016, Microsoft now finally acknowledges the method us administrators have been using for years.
If you turn on Advanced Features in your ADUC, you can browse to the tab called “Attribute Editor” on every object. Do that on a computer-object. In there, you’ll find a value called “servicePrincipalName”. You can manually add and remove SPNs there. For real-life, learn the format: ServiceName/ComputerName(or FQDN). This can include a port number as well.
22
1
This is one of those vague questions that I hate the most on these exams.
“You need to ensure that the service principal name (SPN) for the application is registered.”
Since this is asking to make sure the SPN exists, I would agree with davidcertifier that it should be the given answer.
Doesn’t LDIFDE only bring back the existing SPN information?
0
0