Unregister an SPN
If you configured a service principal name (SPN) for your Active Directory (AD) decoy account, you can unregister it.
To remove an SPN from an account, do one of these actions:
-
Run this command:
CODEsetspn -D <service_class>/<username> <username>Where:
- service_class is the unique string that identifies the general class of service. For example,
SqlServer. - username is the username for the decoy account.
- service_class is the unique string that identifies the general class of service. For example,
- Open the decoy account in the Active Directory Users and Computers application. In the Attribute Editor, in the Values list, select the SPN, and then click Remove.