SqlSpnManager

1.4.1

Getting SQL Server SPNs right — and keeping them right across Standalone, Always On, and Failover Cluster instances — is harder than it should be. SqlSpnManager takes the guesswork out: checks for duplicate SPNs forest-wide before touching anything, auto-resolves FCI cluster accounts, and handles cross-forest deployments. In shops where the DBA cannot write to AD dire
Getting SQL Server SPNs right — and keeping them right across Standalone, Always On, and Failover Cluster instances — is harder than it should be. SqlSpnManager takes the guesswork out: checks for duplicate SPNs forest-wide before touching anything, auto-resolves FCI cluster accounts, and handles cross-forest deployments. In shops where the DBA cannot write to AD directly, Export-SqlSpnRegistrationScript produces a clean setspn bundle the AD admin runs on their own schedule. Full audit log and Windows Event Log output on every operation.
Show more

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name SqlSpnManager

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name SqlSpnManager

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) Keith Ramsey. All rights reserved.

Package Details

Author(s)

  • Keith Ramsey

Tags

SQL SPN Kerberos ActiveDirectory AD FCI AlwaysOn AG Authentication Audit EventLog SIEM DBA Governance ServicePrincipalName CrossForest gMSA ManagedServiceAccount Windows

Functions

Add-SqlSpn Assert-SqlAccountStandard Export-SqlSpnRegistrationScript Get-SqlSpnAccount Get-SqlSpnDiscoveryEngine Get-SqlSpnInfrastructure Invoke-SqlSpnExecutionEngine New-SqlSpnPlan Remove-SqlSpn Show-SqlSpnDiagnostic Start-SqlSpnConfiguration Start-SqlSpnManager Test-SqlSpnPlan

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

v1.4.1:
- Cleaned up module description on PSGallery.

v1.4.0 (Phase 3 close - DR-309 + DR-311):
- Public surface narrowed to the lab-proven Engine core (DR-309):
 Role in {Engine, Agent} x Scenario in {Standalone, AlwaysOn, FCI}.
 SSAS, SSRS, PBIRS, Browser, MSDTC deferred as named, demand-sequenced,
 prove-before-expose post-v1 expansions (internal tables unchanged).
- Added Export-SqlSpnRegistrationScript (DR-311): renders a plan into a
 clean setspn command bundle for an AD admin to execute. Supports Cmd
 and PowerShell formats. Output carries provenance: module version,
 plan GUID, UTC stamp, target account sAMAccountName + DN. Closes the
 workflow for AD-segregated organisations (regulated environments,
 anywhere the DBA does not have AD write rights).
- DR-307 closed as documented v1 limitation (option c): English-locale
 assumption for setspn success detection; engineered fix deferred as a
 named post-v1 increment, reopens on real demand signal.
- DR-310 (Level 1 testing standard) implemented across the unit suite:
 tests run our own real functions and substitute ONLY the true external
 edge (setspn / AD cmdlets / OS APIs). Surfaced and removed a tautology
 test and a 30s remote-registry network hang.
- 213/213 Pester 5 tests; PSScriptAnalyzer gate clean; lab-validated
 Waves 1-3 on a real domain 2026-05-17.

FileList

Version History

Version Downloads Last updated
1.4.1 (current version) 0 5/24/2026
1.4.0 0 5/24/2026