Add-SqlSpn Registers each SPN from a plan against the plan's AccountDn (primitive, no conflict check).
Description
Iterates the plan's ProposedSpns and calls setspn -S for each one, then writes a SUCCESS entry to the audit log. This is the low-level primitive: it does NOT run a forest-wide duplicate check, and it does NOT honor the cross-forest -T flag. For the full safety-checked pipeline, use Invoke-SqlSpnExecutionEngine.
Honors ShouldProcess, so -WhatIf and -Confirm work.
Recipes
Recipe 1
EXAMPLE 1
$plan = New-SqlSpnPlan -VerifiedAccount $acct -Infrastructure $infra -Role Engine
$plan | Add-SqlSpn -WhatIf
Recipe 2
EXAMPLE 2
New-SqlSpnPlan -VerifiedAccount $acct -Infrastructure $infra -Role Engine | Add-SqlSpn
Notes
Use Invoke-SqlSpnExecutionEngine when you need pre-flight conflict detection (setspn -Q across the forest) or cross-forest support (-T flag).
Parameters
-SpnPlan required PSObject pipeline
Plan object from New-SqlSpnPlan. Required fields: AccountName, ProposedSpns.
-WhatIf optional SwitchParameter
-Confirm optional SwitchParameter
Was this page helpful? Report an issue or suggest an improvement →