Add-ADComputerServiceAccount -Identity mia-sql
3. Go to the computer where you will use the managed account. Make sure you have installed the AD Power Shell feature and then Install-ADServiceAccount -Identity msasql
4. Go to the SQL Configuration and change the appropriate service to use this account. Make sure you use a dollar sign e.g. contoso\msasql$ and that the password fields are blank.
If you need to roll the password use Reset-ADServiceAccountPassword msasql
1. SPN for SQL Install ADSIEdit on DC from W2003 Support Tools. Change SPN of SQL Service Account to: MSSQLSvc/sql1.litware.com:1433 MSDN also says add not just FQDN but NetBIOS name also: MSSQLSvc/sql1:1433 Don't understand why this is necessary. If the SQL is on the same machine as MOSS Kerberos will not be used. Ditto named pipes are used. See blog. You can also check your work by using the SetSPN -L SQLService From the the W2003 Resource kit you can use Klist and Kerbtray To list or purge the Tickets use Klist tickets or Klist purge. 2. SPN for Central Admin Add SPNs to Central Admin App Pool Identity. HTTP/moss01:12345 HTTP/moss01.litware:12345 Change Central Admin to negotiate Use this link to get to stsadm stsadm -o authentication -url http://moss01:12345 -type windows -usewindowsintegrated Browse to site. If you get following error Logon Failure: Reason:Unknown user name or bad password User Name: Domain: Logon Type:3 Logon Process:Kerberos Authentication Package:Kerberos Workstation Name:- Caller U…