Hi,
Have a look at this article on how to remove an SPN
Gary.
Removal of ServicePrincipalNames on Account
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 27%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
RobC
36
Reputation points
I have 3 user/service accounts with SPN's that I can't remove under user and computers/attribute editor, they are greyed out, I have full domain admin access also.
I've tried in AD, ADSIedit and using powershell.
e.g. Set-ADUser -Identity accountname -ServicePrincipalNames @{Remove='MSSQLSvc/servername.domainname.local:1433'}
Can anyone tell me why it might be greyed out and how to remove it. I've also had global/domain admins try.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 9%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
ngan 0 Reputation points2025-05-05T08:16:54.5133333+00:00 Hi
you can try to create another account and add it to domain admins group, logon using this new create account and open cmd run as administrator and run your delete spn command to test
Sign in to comment