Wednesday, July 15, 2009

Enabling SPN delegation for AD users.

By default, delegation for an SPN (Service Principal Name) is not enabled in Windows 2003 native mode. If the domain is in Win2000 mixed mode, we can find it in the Account tab.
If it is in Win2003 native mode and we need to enable delegation, we can use the Win2K3 Support Tools command below:
    setspn -A service/computer domain\username
It will delegate the specified user to the named service on that system.
Eg: SetSpn -A DNS/ADC-01 Testdom\testuser

Running the same command enables a Delegation tab in the user's properties.
We can apply delegation to the same service for other users by enabling the Delegation tab and resolving the service through this user ID.

This helps in providing service-level delegation to AD users.
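
To review the result of the steps above, this added example (not part of the original post) classifies what the Delegation tab setting amounts to for each user account that holds an SPN, from its servicePrincipalName, userAccountControl and msDS-AllowedToDelegateTo attributes. The function name Get-DelegationState, the userAccountControl values and every sample account other than the post's Testdom\testuser and DNS/ADC-01 are constructed for illustration.

```powershell
# Added example, not from the original post.
# userAccountControl bits that the Delegation tab sets on an account:
$TRUSTED_FOR_DELEGATION         = 0x80000    # "Trust this user for delegation to any service"
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # "Use any authentication protocol"

function Get-DelegationState {
    # Hypothetical helper: takes one account object, returns its delegation state.
    param([Parameter(Mandatory)] $Account)

    $uac     = [int]$Account.userAccountControl
    $spns    = @($Account.servicePrincipalName | Where-Object { $_ })
    $targets = @($Account.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    $state = if ($spns.Count -eq 0) { 'No SPN (no Delegation tab)' }
        elseif ($uac -band $TRUSTED_FOR_DELEGATION) { 'Unconstrained (any service)' }
        elseif ($targets.Count -gt 0 -and ($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION)) {
            'Constrained (any authentication protocol)' }
        elseif ($targets.Count -gt 0) { 'Constrained (Kerberos only)' }
        else { 'SPN registered, not trusted for delegation' }

    [pscustomobject]@{
        Account    = $Account.sAMAccountName
        SPNs       = $spns -join ', '
        Delegation = $state
        Targets    = $targets -join ', '
    }
}

# Constructed sample records. Against a live domain, feed the function from the
# ActiveDirectory module instead (requires RSAT):
#   Get-ADUser -LDAPFilter '(servicePrincipalName=*)' `
#       -Properties servicePrincipalName,userAccountControl,msDS-AllowedToDelegateTo
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'testuser'; userAccountControl = 512
        servicePrincipalName = @('DNS/ADC-01'); 'msDS-AllowedToDelegateTo' = $null }
    [pscustomobject]@{ sAMAccountName = 'svc-any'; userAccountControl = 512 + 0x80000
        servicePrincipalName = @('HTTP/WEB-01'); 'msDS-AllowedToDelegateTo' = $null }
    [pscustomobject]@{ sAMAccountName = 'svc-scoped'; userAccountControl = 512
        servicePrincipalName = @('HTTP/WEB-02'); 'msDS-AllowedToDelegateTo' = @('DNS/ADC-01') }
    [pscustomobject]@{ sAMAccountName = 'plainuser'; userAccountControl = 512
        servicePrincipalName = $null; 'msDS-AllowedToDelegateTo' = $null }
)

$sample | ForEach-Object { Get-DelegationState $_ } | Format-Table -AutoSize
```

Accounts reported as unconstrained deserve the closest review, since that setting is not limited to the service the SPN was registered for.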