You are here: Security > Application Manager credentials > Setting SPN update permissions

Setting SPN update permissions

The Write servicePrincipalName permission on the source computer account in Active Directory must be assigned to the account that will modify the SPNs. This is an advanced permission and assigning either of the more general Write or Full Control permissions, which are assigned to Domain Admins by default, would also be adequate. The permission must be assigned to one of the following:

The target's Double-Take service logon account. If the target's Double-Take service is configured to log on as the System account, the target's Active Directory computer account should be assigned the permissions.
The account specified in the failover monitor configuration.

Use the following procedure to assign the Write servicePrincipalName permission to a user or group:

Start Active Directory Users and Computers.
Select View, Advanced.
Locate the source's computer account.
Right-click on the source computer account and select Properties.
Select the Security tab and click the Advanced button.
If the account or group you want to add is not listed, click Add to add it.
Select the account or group and click View/Edit.
Select the Properties tab and check Validate Write servicePrincipalName.
Click OK twice.
Close Active Directory Users and Computers.