Kerb-003 Services accounts and Hosts pre-requisites

Published by Laurent Carcs

We now need to define all the accounts and hosts that users will use to access the different resources. This must be done before publishing all the SPNs and delegations.

Keep in mind at this step that Kerberos needs exactly one service publication per resource, owned by a single domain service user (or computer).

For example, you must create 2 different hosts for HTTP access to 2 web applications hosted on the same server if they will be owned by 2 different users (such as the SharePoint and IIS datapump sites in our configuration).

Moreover, there are 2 technical prerequisites you must keep in mind before creating any host or service user in your Active Directory.

 

The first prerequisite is that all your BI hosts MUST be serviceDNSNameType A (and not a CNAME alias), because Kerberos only permits the use of hosts.

Please refer to http://technet.microsoft.com/en-us/library/cc755804(WS.10).aspx

 

 

The second prerequisite is that all the service users that will be used in your environment must have the property userAccountControl = 16843264 (in decimal).

userAccountControl is a property of the account that can be changed through the ADSI Edit console. This property means that the users can delegate resources.

 

Please refer to this excellent blog to understand this point:

http://blogs.technet.com/ad/archive/2008/05/09/trusted-for-delegation-in-services-for-user-s4u.aspx
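
As an added example (not from the original article), the Python code below decodes 16843264 into its documented userAccountControl bits and compares accounts against it, so you can see which bits a service user is missing or carries in excess. The account names and their values are constructed for illustration, and the flag table is a subset of Microsoft's documented bits.

```python
from enum import IntFlag

class UAC(IntFlag):
    """userAccountControl bits as documented by Microsoft (subset)."""
    ACCOUNTDISABLE = 0x2
    PASSWD_NOTREQD = 0x20
    NORMAL_ACCOUNT = 0x200
    WORKSTATION_TRUST_ACCOUNT = 0x1000
    DONT_EXPIRE_PASSWORD = 0x10000
    TRUSTED_FOR_DELEGATION = 0x80000            # unconstrained delegation
    NOT_DELEGATED = 0x100000
    USE_DES_KEY_ONLY = 0x200000
    DONT_REQ_PREAUTH = 0x400000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # protocol transition (S4U)

REQUIRED = 16843264  # value the article asks for, in decimal

def decode(value):
    """Return (names of the flags set, leftover bits not in the table)."""
    names = [f.name for f in UAC if value & f.value]
    known = sum(f.value for f in UAC)
    return names, value & ~known

def audit(accounts, required=REQUIRED):
    """Report, per account, the bits missing from and added to `required`."""
    report = {}
    for name, value in accounts.items():
        missing, _ = decode(required & ~value)
        extra, unknown = decode(value & ~required)
        if unknown:
            extra.append(hex(unknown))  # bit outside the subset above
        report[name] = {"missing": missing, "extra": extra}
    return report

# Constructed sample accounts (hypothetical names and values).
SAMPLE = {
    "svc_sharepoint": 16843264,
    "svc_datapump": 66048,  # 0x10200: delegation bit not set yet
    "svc_legacy": 16843264 | 0x80000 | 0x400000,
}

if __name__ == "__main__":
    print(decode(REQUIRED)[0])
    for account, result in audit(SAMPLE).items():
        print(account, result)
```

An account listed with extra bits such as TRUSTED_FOR_DELEGATION or DONT_REQ_PREAUTH has more than the article's prerequisite asks for and is worth reviewing before SPNs are published on it.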

 
