SPNs were created to help organizations be more reliable and secure. Many organizations faced the same problem: service accounts.
So, I think the best phrase to describe an SPN is: an SPN represents the user account under which a service runs.
The syntax for an SPN in AD DS is:
Setspn < service type >/< host name >:< port number >/< distinguished name >
Let's look at each part.
Service type: the service class being registered, such as http, https, or any other service.
Hostname: the FQDN of the server.
Port number: the number of the service port, e.g. 80, 443.
Distinguished name: the name of the service.
One important thing to do before creating an SPN is to query the existing SPNs for that server or service. You can list the SPNs registered for the server first:
Setspn -l server01.ucsteps.com
Also, instead of -l (list), you can use -q to query by service type/hostname, or -d to delete (unassociate) an SPN.
The option -s checks that the SPN is not already registered somewhere else (a duplicate) before adding it.
An example of the command:
setspn -s http/server01.ucsteps.com:80 Ucsteps\GG_Http_server01
I hope this post helps you understand SPNs and start using them.
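As an added example (not part of the original post), the following Python script shows the duplicate check that -s performs: it parses SPN strings into service class/host:port/service name, reads the output of setspn -l for several accounts, and reports any SPN registered on more than one account. The setspn output embedded below is constructed sample data, not a real capture.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of what 'setspn -l' prints for two accounts; the same
# http SPN appears on both, which is the kind of duplicate that breaks Kerberos.
SAMPLE_SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=GG_Http_server01,OU=Service Accounts,DC=ucsteps,DC=com:
        http/server01.ucsteps.com:80
        http/server01.ucsteps.com
Registered ServicePrincipalNames for CN=SERVER01,OU=Servers,DC=ucsteps,DC=com:
        HOST/server01.ucsteps.com
        HOST/SERVER01
        HTTP/server01.ucsteps.com
"""

@dataclass(frozen=True)
class SPN:
    service_class: str
    host: str
    port: Optional[int]
    service_name: Optional[str]

# serviceclass/host[:port][/servicename]; port and service name are optional.
_SPN_RE = re.compile(r"^(?P<cls>[^/:]+)/(?P<host>[^/:]+)(?::(?P<port>\d+))?(?:/(?P<name>.+))?$")

def parse_spn(text: str) -> SPN:
    m = _SPN_RE.match(text.strip())
    if not m:
        raise ValueError(f"malformed SPN: {text!r}")
    port = int(m.group("port")) if m.group("port") else None
    name = m.group("name").lower() if m.group("name") else None
    # AD compares servicePrincipalName values case-insensitively, so normalise.
    return SPN(m.group("cls").lower(), m.group("host").lower(), port, name)

def parse_setspn_list(output: str) -> Dict[str, List[SPN]]:
    """Turn 'setspn -l' text into {account DN: [SPN, ...]}."""
    accounts: Dict[str, List[SPN]] = {}
    current = None
    for line in output.splitlines():
        header = re.match(r"Registered ServicePrincipalNames for (.+):$", line.strip())
        if header:
            current = header.group(1)
            accounts[current] = []
        elif line.strip() and current is not None:
            accounts[current].append(parse_spn(line))
    return accounts

def find_duplicates(accounts: Dict[str, List[SPN]]) -> Dict[SPN, List[str]]:
    """Return SPNs registered on more than one account, with the owning DNs."""
    owners = defaultdict(set)
    for dn, spns in accounts.items():
        for spn in spns:
            owners[spn].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}
```

Run find_duplicates(parse_setspn_list(SAMPLE_SETSPN_OUTPUT)) to see the clashing http/server01.ucsteps.com entry and both accounts that hold it.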