I'm on the train which is taking me to Poznań for meeting with a customer, so this gives me an opportunity to finally write something. For a start I'll share a quick tip about ADU&C and the delegation tab as an introduction to further posts.

If you want to set a right to delegate user credentials in the Kerberos authentication schema to some account, one way of doing this is through ADU&C. In the object properties there is a Delegation tab which allows you to configure appropriate delegation settings. But what if it is not there? (the tab, not the object)

 

If the delegation settings tab is not visible, it simple means that no SPNs have been configured for the given account. And the deal is simple ... no SPNs, no delegation scenarios. So how does one configure the delegation settings in this case? Just add SPN value to the object and the delegation tab will appear in the object properties!


Magic is done. Careful readers know right now that some Kerberos post is on the way ... to Poznań ;).

PS. Train was ~45 minutes late at arrival.