DsClientMakeSpnForTargetServerA function (ntdsapi.h)

The DsClientMakeSpnForTargetServer function constructs a service principal name (SPN) that identifies a specific server to use for authentication.

Syntax

NTDSAPI DWORD DsClientMakeSpnForTargetServerA(
  [in]      LPCSTR ServiceClass,
  [in]      LPCSTR ServiceName,
  [in, out] DWORD  *pcSpnLength,
  [out]     LPSTR  pszSpn
);

Parameters

[in] ServiceClass

Pointer to a null-terminated string that contains the class of the service as defined by the service. This can be any string unique to the service.

[in] ServiceName

Pointer to a null-terminated string that contains the distinguished name service (DNS) host name. This can either be a fully qualified name or an IP address in the Internet standard format.

Use of an IP address for ServiceName is not recommended because this can create a security issue. Before the SPN is constructed, the IP address must be translated to a computer name through DNS name resolution. It is possible for the DNS name resolution to be spoofed, replacing the intended computer name with an unauthorized computer name.

[in, out] pcSpnLength

Pointer to a DWORD value that, on entry, contains the size of the pszSpn buffer, in characters. On output, this parameter receives the number of characters copied to the pszSpn buffer, including the terminating NULL.

[out] pszSpn

Pointer to a string buffer that receives the SPN.

Return value

This function returns standard Windows error codes.

Remarks

When using this function, supply the service class and part of a DNS host name.

This function is a simplified version of the DsMakeSpn function. The ServiceName is made canonical by resolving through DNS.

GUID-based DNS names are not supported. When constructed, the simplified SPN is as follows:

ServiceClass / ServiceName / ServiceName

The instance name portion (second position) is always set to default. The port and referrer fields are not used.

Note

The ntdsapi.h header defines DsClientMakeSpnForTargetServer as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.

Requirements

Requirement Value
Minimum supported client Windows Vista
Minimum supported server Windows Server 2008
Target Platform Windows
Header ntdsapi.h
Library Ntdsapi.lib
DLL Ntdsapi.dll

See also

Domain Controller and Replication Management Functions

DsMakeSpn