<div>
<div class="content wysiwyg-content">
Hi Experts,<br />
<br />
Need to verify with your team, AD/SQL minimum permissions required to successfully register SPNs in AD. By setting the SQL startup accounts to properly register SPN , I should be able to allow a SQL service account to register SPNs in AD .<br />
<br />
Need to validate this for a Windows 2008 R2 SQL clusters, and for recent versions &nbsp;2012, &nbsp;2016. Please, make sure your answer carefully consider all of the environments. My understanding is that we already have a 2008 R2 SQL clusters, and permissions were not given before the installation of the cluster, you can later on assign permissions to register SPNs. Please, specify if rights should be granted at the cluster virtual object of SQL, cluster nodes, cluster instances and/ or computer nodes of the cluster.<br />
<br />
On the other hand, advise if Domain admin rights is the only option to register SPN in AD. Otherwise, provide step by step instructions to allow SQL service accounts and clusters/nodes/instances to successfully register SPNs in AD
</div>
</div>


Hi Experts,

Need to verify with your team, AD/SQL minimum permissions required to successfully register SPNs in AD. By setting the SQL startup accounts to properly register SPN , I should be able to allow a SQL service account to register SPNs in AD .

Need to validate this for a Windows 2008 R2 SQL clusters, and for recent versions  2012,  2016. Please, make sure your answer carefully consider all of the environments. My understanding is that we already have a 2008 R2 SQL clusters, and permissions were not given before the installation of the cluster, you can later on assign permissions to register SPNs. Please, specify if rights should be granted at the cluster virtual object of SQL, cluster nodes, cluster instances and/ or computer nodes of the cluster.

On the other hand, advise if Domain admin rights is the only option to register SPN in AD. Otherwise, provide step by step instructions to allow SQL service accounts and clusters/nodes/instances to successfully register SPNs in AD

AD permissions required to allow computer objects and service accounts to register SPNs

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.

Microsoft SQL Server

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.