The DsClientMakeSpnForTargetServer function constructs a service principal name (SPN) that identifies a specific server to use for authentication.
DWORD DsClientMakeSpnForTargetServer(
  LPCTSTR ServiceClass,   // [in] service class, for example "ldap"
  LPCTSTR ServiceName,    // [in] DNS host name of the target server
  DWORD* pcSpnLength,     // [in, out] size of pszSpn in characters; receives the required size
  LPTSTR pszSpn           // [out] buffer that receives the constructed SPN
);
Use of an IP address for ServiceName is not recommended because this can create a security vulnerability. Before the SPN is constructed, the IP address must be translated to a computer name through DNS name resolution. It is possible for the DNS name resolution to be spoofed, replacing the intended computer name with an unauthorized computer name.
When using this function, supply the service class and part of a DNS host name.
This function is a simplified version of the DsMakeSpn function. The ServiceName is made canonical by resolving it through DNS.
GUID-based DNS names are not supported. When constructed, the simplified SPN is as follows:
ServiceClass/ServiceName/ServiceName
The instance name portion (second position) is always set to default. The port and referrer fields are not used.
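As an added illustration, not code from the SDK: a portable C stand-in that builds the simplified ServiceClass/ServiceName/ServiceName form with the same in/out length contract and refuses an IPv4 literal ServiceName, the usage warned against above. The names make_simplified_spn and looks_like_ipv4_literal are assumptions, and the stand-in does not perform the DNS canonicalization the real function does.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum { SPN_OK = 0, SPN_BUFFER_OVERFLOW = 111, SPN_INVALID_NAME = 123 }; /* Win32 values */

/* Heuristic: 1 if name is a dotted-decimal IPv4 literal (digits and exactly three dots). */
static int looks_like_ipv4_literal(const char *name)
{
    int dots = 0;
    for (const char *p = name; *p; p++) {
        if (*p == '.') dots++;
        else if (!isdigit((unsigned char)*p)) return 0;
    }
    return dots == 3;
}

/* Stand-in for DsClientMakeSpnForTargetServer: builds the simplified SPN
 * "ServiceClass/ServiceName/ServiceName" with the same in/out length contract.
 * It does NOT resolve ServiceName through DNS as the real API does; instead it
 * refuses IPv4 literals, the usage the documentation warns against. */
unsigned long make_simplified_spn(const char *service_class, const char *service_name,
                                  unsigned long *pc_spn_length, char *psz_spn)
{
    if (looks_like_ipv4_literal(service_name))
        return SPN_INVALID_NAME;
    /* class + '/' + name + '/' + name + terminating NUL */
    unsigned long needed = (unsigned long)(strlen(service_class) + 2 * strlen(service_name) + 3);
    if (psz_spn == NULL || *pc_spn_length < needed) {
        *pc_spn_length = needed;   /* report the size the caller must allocate */
        return SPN_BUFFER_OVERFLOW;
    }
    snprintf(psz_spn, *pc_spn_length, "%s/%s/%s", service_class, service_name, service_name);
    *pc_spn_length = needed;
    return SPN_OK;
}

int main(void)
{
    char spn[128];
    unsigned long len = 0;   /* first call with a NULL buffer queries the required size */
    unsigned long rc = make_simplified_spn("ldap", "dc01.corp.example.com", &len, NULL);
    if (rc == SPN_BUFFER_OVERFLOW && len <= sizeof spn)
        rc = make_simplified_spn("ldap", "dc01.corp.example.com", &len, spn);
    printf("rc=%lu spn=%s\n", rc, rc == SPN_OK ? spn : "(none)");
    return 0;
}
```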
Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Unicode: Implemented as Unicode and ANSI versions on Windows NT/2000/XP.
Header: Declared in Ntdsapi.h.
Library: Use Ntdsapi.lib.
See also: DsMakeSpn, Domain Controller and Replication Management Functions