Service Publication and Service Principal Names Tools and Settings
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
In this section
Service Publication and SPN Tools
Service Publication and SPN WMI Classes
Network Ports Used by Service Publication and SPNs
This section contains information about the tools, Windows Management Instrumentation (WMI) classes, and network ports that are associated with service publication and service principal names (SPNs).
Note
In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to Active Directory, but the information is also applicable to AD DS.
Service Publication and SPN Tools
The following tools are associated with service publication and SPNs.
Adsiedit.msc: ADSI Edit
Category
This tool ships with Support Tools for Windows Server 2003.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers running:
Servers running:
Computers running:
|
Domain controllers running:
|
ADSI Edit is a Microsoft Management Console (MMC) tool that you can use to view and modify directory objects and attributes, including connection point objects, and SPN attributes.
To find more information about ADSI Edit, see “Support Tools Help” in Tools and Settings Collection.
Repadmin.exe: Repadmin
Category
This tool ships with Support Tools for Windows Server 2003.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers running:
Servers running:
Computers running:
|
Domain controllers running:
|
Administrators can use Repadmin to monitor and manage replication between domain controllers. To find more information about Repadmin, at a command prompt type repadmin /? or see “Command-Line References” in Tools and Settings Collection.
Setspn.exe: Setspn
Category
This tool ships with Support Tools for Windows Server 2003.
Version compatibility
| Can Be Run From | Can Be Run Against |
|---|---|
Domain controllers running:
Servers running:
Computers running:
|
Domain controllers running:
|
Administrators can use this command-line tool to read, modify, and delete values in the servicePrincipalNames attribute on an Active Directory service account object.
To find more information about Setspn, see “Support Tools Help” in Tools and Settings Collection.
Service Publication and SPN WMI Classes
The following table lists and describes the WMI classes that are associated with service publication and SPNs.
WMI Classes Associated with Service Publication and SPNs
| Class Name | Namespace | Version Compatibility |
|---|---|---|
DS_LDAP_Class_Containment |
root\directory\LDAP |
Domain controllers running:
|
DS_LDAP_Instance_Containment |
root\directory\LDAP |
Domain controllers running:
|
For more information about these WMI classes, see “Mapping Active Directory to WMI” in the WMI SDK documentation on MSDN.
Network Ports Used by Service Publication and SPNs
The network ports that are used by service publication and SPNs are listed in the following table.
Port Assignments for Service Publication and SPNs
| Service Name | UDP | TCP |
|---|---|---|
LDAP |
None |
389 |
LDAP SSL |
None |
636 |
RPC Endpoint Mapper |
135 |
135 |
Global Catalog LDAP |
None |
3268 |
Global Catalog LDAP SSL |
None |
3269 |
Kerberos |
88 |
88 |