Powershell – Using New-ADComputer’s -ServicePrincipalNames

active-directory, powershell

I'm trying to use the New-ADComputer -ServicePrincipalNames parameter with no success.

$comp = New-ADComputer -passthru -name "server1" -path  "ou=Org2,ou=Org1,dc=mydomain,dc=com" -DNSHostName "server1.mydomain.com"  -serviceprincipalnames @{add="HOST\server1","HOST\server1.mydomain.com"}

but this results in this error:

New-ADComputer : The name reference is invalid
At line:1 char:10
+ $comp1 = New-ADComputer -name "server1" -path  "ou=Org2,ou=Org1,dc=mydomain,dc=com...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=server1,ou=Org2,ou=Org1,dc=mydomain,dc=com:String) [New-ADComputer], ADException
    + FullyQualifiedErrorId : The name reference is invalid,Microsoft.ActiveDirectory.Management.Commands.NewADComputer

If I remove the -serviceprincipalnames parameter and use it like this:

$comp = New-ADComputer -passthru -name "server1" -path  "ou=Org2,ou=Org1,dc=mydomain,dc=com" -DNSHostName "server1.mydomain.com" 

$comp.serviceprincipalname.add("HOST\server1")
$comp.serviceprincipalname.add("HOST\server1.mydomain.com")

Set-ADComputer -Instance $comp

it works fine, but this results in a two-step process.

I don't want to use the two-step process (due to issues with multiple DCs and object replication), so I am looking to figure out why this isn't working with the New-ADComputer command.

Best Answer

I've run into this same problem, and it seems like there is a bug in the way new-adcomputer adds UPNs to the serviceprincipalname field. Most likely it's because it has to translate the backslashes to forward slashes, which it fails to do correctly when using the new-adcomputer.

However, if you use a piped set-adcomputer with forward-slashed UPNs, it will correctly create your computer.

Example of a working piped ServicePrincipalNames ad-computer creation.

new-adcomputer -name 'test-pc01' -SAMAccountName 'test-pc01' -passthru -path "OU=TestComputers,OU=Domain,DC=Domain,DC=local" -DNSHostName 'test-pc01.domain.local' -enabled $true | Set-ADComputer -ServicePrincipalNames @{Add='HOST/test-pc01','TERMSRV/TEST-PC01'}

I'm not sure if it'll pass your multi step requirements, but it might help you find a solution.
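The piped approach from the answer, written out as an added example (not the asker's or answerer's code): it normalises the SPNs to the service/host form, checks that none of them is already registered elsewhere in the domain (duplicate SPNs silently break Kerberos authentication), and pins both the create and the SPN write to one writable DC so the asker's replication concern does not arise. It assumes the ActiveDirectory module is loaded and uses placeholder OU and domain names.

```powershell
Import-Module ActiveDirectory

function New-ADComputerWithSpn {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string]   $DnsHostName,
        [Parameter(Mandatory)] [string[]] $ServicePrincipalNames,
        # Pin every call to the same writable DC; default discovers one in the current domain.
        [string] $Server = [string](Get-ADDomainController -Discover -Writable).HostName
    )

    # SPNs must be 'service/host'; a backslash (as in the question) is not a valid SPN.
    $spns = $ServicePrincipalNames | ForEach-Object { $_ -replace '\\', '/' }

    # Refuse to register an SPN that another object already holds. A duplicate SPN leaves
    # the KDC unable to choose a principal and Kerberos fails for both hosts.
    foreach ($spn in $spns) {
        $owner = Get-ADObject -LDAPFilter ('(servicePrincipalName={0})' -f $spn) -Server $Server
        if ($owner) {
            throw "SPN '$spn' is already registered on $($owner.DistinguishedName)"
        }
    }

    # -PassThru hands the new object straight to Set-ADComputer. Both cmdlets target $Server,
    # so the SPN write never has to wait for the new object to replicate from another DC.
    $computer = New-ADComputer -Name $Name -Path $Path -DNSHostName $DnsHostName `
                    -Enabled $true -Server $Server -PassThru |
                Set-ADComputer -ServicePrincipalNames @{ Add = $spns } -Server $Server -PassThru

    # Read back from the same DC so the caller can verify what was actually written.
    Get-ADComputer -Identity $computer.DistinguishedName `
                   -Properties servicePrincipalName -Server $Server
}

# Placeholder values; replace the OU path and domain with your own.
$created = New-ADComputerWithSpn -Name 'server1' `
    -Path 'OU=Org2,OU=Org1,DC=mydomain,DC=com' `
    -DnsHostName 'server1.mydomain.com' `
    -ServicePrincipalNames 'HOST/server1', 'HOST/server1.mydomain.com'
$created.servicePrincipalName
```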