How to set SPN in Azure Active Directory


We are trying to set up SPNs for SQL SSRS in an environment that only has Azure AD. If I run the commands

SETSPN -S MSCRMSandboxService/TESTCRM domain\crmtestserv
SETSPN -S MSCRMSandboxService/TESTCRM.symposium.org domain\crmtestserv

I always get the message that my account has insufficient rights, even if the account is in the AAD DC Administrators group.

So what would be the process to set a SPN while using Azure AD?


You must create new Organizational Units (OU) and place the computer and user accounts in those. Accounts in the AAD DC Computers and AAD DC Users OUs can't be configured in certain ways, including with setspn.

https://learn.microsoft.com/en-us/azure/active-directory-domain-services/deploy-kcd

You can create a new OU and move computers and users there with Active Directory Administration Center on a Windows VM joined to the domain. It's also worth noting that the service account you use must be created within something like Active Directory Administration Center - accounts synchronized via Azure AD won't work.
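
The procedure from the answer above, scripted with the ActiveDirectory PowerShell module instead of Active Directory Administration Center. This is an added example, not part of the original answer; the OU name `CRM Services` is an assumption, and the account, host and SPN names are taken from the question.

```powershell
# Added example. Run on a domain-joined Windows VM with the RSAT ActiveDirectory
# module, signed in as a member of AAD DC Administrators.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$ouName   = 'CRM Services'   # assumption: name chosen for the new custom OU
$ouDn     = "OU=$ouName,$($domain.DistinguishedName)"
$svcName  = 'crmtestserv'    # service account name from the question
$computer = 'TESTCRM'        # host name from the question
$spns     = 'MSCRMSandboxService/TESTCRM',
            'MSCRMSandboxService/TESTCRM.symposium.org'

# 1. Create the custom OU at the domain root if it does not exist yet.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domain.DistinguishedName -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $ouName -Path $domain.DistinguishedName
}

# 2. Move the computer account out of the built-in OU into the custom OU.
$comp = Get-ADComputer -Identity $computer
if ($comp.DistinguishedName -notlike "*,$ouDn") {
    Move-ADObject -Identity $comp.DistinguishedName -TargetPath $ouDn
}

# 3. The service account has to be created in the managed domain itself, inside
#    the custom OU. An existing account elsewhere is not touched; stop instead.
$svc = Get-ADUser -Filter "SamAccountName -eq '$svcName'"
if (-not $svc) {
    New-ADUser -Name $svcName -SamAccountName $svcName -Path $ouDn `
        -AccountPassword (Read-Host -AsSecureString "Password for $svcName") `
        -Enabled $true
} elseif ($svc.DistinguishedName -notlike "*,$ouDn") {
    throw "$svcName exists outside '$ouName'; create a domain-native account in the custom OU."
}

# 4. Register each SPN. setspn -S refuses to add a duplicate SPN.
$account = "$($domain.NetBIOSName)\$svcName"
foreach ($spn in $spns) {
    setspn -S $spn $account
    if ($LASTEXITCODE -ne 0) { throw "setspn failed for $spn" }
}

# 5. List the SPNs now registered on the account to confirm the result.
setspn -L $account
```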