Hello,
Trying to implement Constrained delegation for AD sql server service account. We did create SPN for the AD sql server service account (SQL2k19 version). No issues. Inside Active Directory Users and Computers, when I right click on the AD sql server service account, select Properties, select Delegation tab, I will be selecting Trust this user for delegation to specified services only and Kerberos only. When I am adding Users and Computers, I should be selecting MSSQLSvc service type which has SPNs created. My question is do I need to select the name of the concerned sql server where the AD sql server service account resides right?
Secondly, if there are windows failover cluster hosting 2 or more AlwaysOn nodes, on the MSSQLSvc service type Users and Computers field, do I need to include the FQDNs of all those sql server AlwaysOn nodes?
Will greatly appreciate your early response.
Thanks.
Vinaya Rao