I am setting up Windows AD for BO XIR3. The Network Administrator is giving me push back about running setspn on the domain controller. Is there any documentation addressing security and setspn?
Thanks.
lrdrake2000 (BOB member since 2006-07-10)
You need to ran on domain controller. I had done numerous AD SSO. To convince him look at the Admin guide.
icotler 
(BOB member since 2002-08-19)
I have reviewed the Administration guide, but it does not explicitly state it needs to be executed on the Domain controller. Do you happen to know which chapter or page?
Thanks.
lrdrake2000 (BOB member since 2006-07-10)
From 3.1 SP3 Admin guide page 512
To run the SPN utility on Windows 2000
- Download the utility from this location to your Domain controller:
http://www.microsoft.com/windows2000/techin
fo/reskit/tools/existing/setspn-o.asp
Note:
The SETSPN utility is a program that allows you to manage the Service
Principal Name (SPN) for service accounts in Active Directory.
icotler (BOB member since 2002-08-19)
SPN should be on domain controller… else there could be some issues.
SPN was created from the database initially and we faced problem with the name getting reset due to length constraints…
I am unable to explain it clearly but this was what our Windows admin informed us when we faced problem with the SPN account.
-Aruna
arunmozhi 
(BOB member since 2007-12-26)