Q. The Setspn.exe tool improperly adds the dollar sign to the host name when you reset a service principal name in Windows Server 2003 Active Directory?
September 7, 2006
When you reset an SPN (Service Principal Name) for a computer account in the Active Directory directory service, using Setspn.exe -R in Windows Server 2003, the console displays:

    Registering ServicePrincipalNames for CN=,CN=Computers,DC=YourDomain,DC=com
    HOST/$.YourDomain
    HOST/$
    Updated object

instead of displaying

    Registering ServicePrincipalNames for CN=,CN=Computers,DC=YourDomain,DC=com
    HOST/.YourDomain
    HOST/
    Updated object

having improperly added the dollar sign ($) to the host name.
NOTE: SetSPN.exe is installed from the Support Tools on the Windows Server 2003 CD-ROM (Support\Tools\Suptools.msi).
To work around this behavior, modify the servicePrincipalName attribute:
01. Start / Run / adsiedit.msc / OK.
02. If not already connected in ADSI Edit, connect to a domain controller.
03. Expand Domain [domainControllerName.YourDomain.com], expand DC=YourDomain,DC=com, and then expand CN=Computers, or the appropriate path.
04. Right-click CN=serverName and press Properties.
05. Select the Attribute Editor tab.
06. Check the Show mandatory attributes and Show optional attributes boxes.
07. Select servicePrincipalName in the Attributes list and press Edit.
08. Using the Multi-valued String Editor dialog, select HOST/serverName$ and press Remove.
09. Remove the dollar sign ($) in the Value to add box and press Add, unless this entry already exists in the Values list.
10. Select HOST/serverName$.YourDomain and press Remove.
11. Remove the dollar sign ($) in the Value to add box and press Add, unless this entry already exists in the Values list.
12. Press OK and OK.
13. Exit ADSI Edit.
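
The same correction as steps 08 through 11, expressed as a script so the planned removals and additions can be reviewed before anything is changed. This is an added example, not part of the original tip; the function name Get-SpnDollarFix, the host name SERVER01 and the sample values are assumptions, and the commented-out apply step assumes the ActiveDirectory PowerShell module, which the tip itself does not use.

```powershell
# Added example; Get-SpnDollarFix and the sample values below are hypothetical.
function Get-SpnDollarFix {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,  # host name without the trailing $
        [Parameter(Mandatory)] [string[]] $Spn            # current servicePrincipalName values
    )
    $name = [regex]::Escape($ComputerName)

    # Steps 08 and 10: find HOST/<name>$ and HOST/<name>$.<domain>.
    $bad = @($Spn | Where-Object { $_ -match ('^HOST/' + $name + '\$(\..+)?$') })

    # Steps 09 and 11: drop the dollar sign, and add the corrected value
    # only if it is not already in the Values list.
    $add = @($bad |
        ForEach-Object { $_ -replace ('^(HOST/' + $name + ')\$'), '$1' } |
        Where-Object   { $Spn -notcontains $_ } |
        Select-Object -Unique)

    [pscustomobject]@{
        ComputerName = $ComputerName
        Remove       = $bad
        Add          = $add
    }
}

# Constructed sample: values as they might look after Setspn.exe -R on SERVER01,
# where the short HOST/SERVER01 entry already exists and must not be added twice.
$sample = 'HOST/SERVER01$', 'HOST/SERVER01$.YourDomain', 'HOST/SERVER01'
$plan = Get-SpnDollarFix -ComputerName 'SERVER01' -Spn $sample
$plan | Format-List

# To apply against a live directory (assumes the ActiveDirectory module):
#   $c = Get-ADComputer SERVER01 -Properties servicePrincipalName
#   $p = Get-SpnDollarFix -ComputerName $c.Name -Spn $c.servicePrincipalName
#   if ($p.Remove) { Set-ADComputer $c -ServicePrincipalNames @{ Remove = $p.Remove } }
#   if ($p.Add)    { Set-ADComputer $c -ServicePrincipalNames @{ Add    = $p.Add } }
```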