Remove-SqlSpn
Deregisters each SPN in a plan from the plan's AccountDn (primitive).
Description
Iterates the plan's ProposedSpns and calls setspn -D for each one, then writes a SUCCESS entry to the audit log. This is the deregistration counterpart to Add-SqlSpn. Used to clean up stale SPNs after a service identity change or a server decommission.
Honors ShouldProcess, so -WhatIf and -Confirm work. When decommissioning, run with -WhatIf first to review the SPN list before removing anything.
Recipes
Recipe 1
EXAMPLE 1
$plan | Remove-SqlSpn -WhatIf
Recipe 2
EXAMPLE 2
$plan | Remove-SqlSpn -Confirm:$false
Notes
For compatibility with Add-SqlSpn, this command does not run a forest-wide existence check before attempting removal. setspn -D is a no-op (with a warning) if the SPN doesn't exist.
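Because the command does no existence check of its own, a pre-check against the account's current registrations keeps the run and the audit log limited to SPNs that are really there. The following is an added example, not code from this module: Get-AccountSpn is a hypothetical helper, $plan is assumed to already hold New-SqlSpnPlan output, and the plan's AccountName field is assumed to be in a form setspn accepts.

```powershell
# Added example; not part of the module. Assumes $plan holds New-SqlSpnPlan output.

function Get-AccountSpn {    # hypothetical helper, not a module command
    param([Parameter(Mandatory)][string]$AccountName)
    # setspn -L prints a header line, then one indented SPN per line.
    # Anything that is not an indented line (header, errors) is ignored.
    @(setspn -L $AccountName |
        Where-Object { $_ -match '^\s+\S' } |
        ForEach-Object { $_.Trim() })
}

$registered = Get-AccountSpn -AccountName $plan.AccountName

# -in and -notin compare strings case-insensitively by default.
$present = @($plan.ProposedSpns | Where-Object { $_ -in    $registered })
$missing = @($plan.ProposedSpns | Where-Object { $_ -notin $registered })

if ($missing) {
    Write-Warning "Not registered on $($plan.AccountName), skipped: $($missing -join ', ')"
}

if ($present) {
    # Copy the plan so any other fields survive, then narrow the SPN list.
    $narrowed = $plan | Select-Object -Property *
    $narrowed.ProposedSpns = $present

    $narrowed | Remove-SqlSpn -WhatIf     # review what would be removed
    $narrowed | Remove-SqlSpn -Confirm    # prompt before removing

    # Verify: list the account again and report anything still registered.
    $left = @(Get-AccountSpn -AccountName $plan.AccountName |
        Where-Object { $_ -in $present })
    if ($left) {
        Write-Warning "Still registered: $($left -join ', ')"
    }
}
```

If setspn cannot resolve the account, the helper returns an empty list, every planned SPN is reported as skipped, and nothing is removed.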
Parameters
-SpnPlan (required, PSObject, pipeline)
Plan object describing which SPNs to remove and from which account. Required fields: AccountName, ProposedSpns. The same New-SqlSpnPlan output used to register can be piped here to unregister.
-WhatIf (optional, SwitchParameter)
-Confirm (optional, SwitchParameter)