Start-SqlSpnConfiguration

Start-SqlSpnConfiguration Programmatic, parameterized entry point for SPN registration with policy compliance.

Read / Write SqlSpnManager v1.4.0

Description

The non-interactive counterpart to Start-SqlSpnManager. Composes the full registration pipeline from named parameters so it can be called from scripts, automation, or scheduled tasks:

Resolve-SqlPolicyFromContext -> Assert-SqlAccountStandard ->
Get-SqlSpnInfrastructure -> Get-SqlSpnAccount -> New-SqlSpnPlan ->
Test-SqlSpnPlan -> Invoke-SqlSpnExecutionEngine

The policy-compliance step (Assert-SqlAccountStandard) is the differentiator from a hand-rolled pipeline: it validates that the account follows the configured naming/OU/object-class convention before any SPN work begins.

Honors ShouldProcess via the underlying engine. Use -WhatIf to preview, or -Force (which sets -Confirm:$false on Invoke-SqlSpnExecutionEngine) to skip all prompts.

Recipes

Recipe 1

EXAMPLE 1

Start-SqlSpnConfiguration -SamAccountName svc_sql_prod -Scenario Standalone -Role Engine -TargetName SQLSRV01

Recipe 2

EXAMPLE 2

Start-SqlSpnConfiguration -SamAccountName SQLFCI01$ -Scenario FCI -Role Engine -TargetName SQLFCI01 -Force

Recipe 3

EXAMPLE 3

$r = Start-SqlSpnConfiguration -SamAccountName svc_sql_prod -Scenario Standalone -Role Engine -TargetName SQLSRV01 -Force -PassThru
if ($r.OverallStatus -eq 'PartialFailure') { $r.Spns | Where-Object Action -eq 'Failed' }

Notes

For interactive operator use, see Start-SqlSpnManager.

Parameters

-SamAccountName required String

SAM account name to register the SPN against (e.g., svc_sql_prod or SQLFCI01$).

-Scenario required String

Infrastructure type: Standalone, AlwaysOn, or FCI. (MSDTC deferred per DR-309.)

-Role required String

SQL service role: Engine or Agent. (SSAS, SSRS, Browser deferred per DR-309.)

-TargetName required String

DNS name of the server, virtual computer, or AG listener.

-ManualPort optional Int32

Override automatic port discovery.

-InstanceName optional String

SQL instance name. Defaults to MSSQLSERVER (default instance).

-VirtualComputerAccount optional PSObject

Optional explicit VCO override for FCI Engine registrations.

-UseGmsa optional SwitchParameter

Indicates the account is a group Managed Service Account (selects the gMSA policy variant).

-SkipCompliance optional SwitchParameter

Bypass the Assert-SqlAccountStandard policy check. Use when the policy table doesn't yet cover the role/scenario combination.

-SkipPreflight optional SwitchParameter

-Force optional SwitchParameter

Skip ShouldProcess confirmation prompts during execution.

-PassThru optional SwitchParameter

Opt-in. Return the engine's structured SqlSpn.ExecutionResult to the caller (see Invoke-SqlSpnExecutionEngine for the shape, locked by DR-308). Off by default so existing scripted callers see no behaviour change. The console output and audit log are written exactly as before.

-WhatIf optional SwitchParameter

-Confirm optional SwitchParameter

Was this page helpful? Report an issue or suggest an improvement →