ksetup addrealmflags

Applies to Windows Server (All supported versions)

The ksetup addrealmflags command adds other realm flags to a specified realm.

Syntax

ksetup /addrealmflags <realmname> [sendaddress] [tcpsupported] [delegate] [ncsupported] [rc4]

Parameters

Remarks

• Realm flags are stored in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\<realmname>. This entry doesn't exist in the registry by default. You can use the ksetup addrealmflags command to populate the registry.

• The realm flags specify other features of a Kerberos realm that aren't based on the Windows Server operating system. Computers running Windows Server can use a Kerberos server to administer authentication in the Kerberos realm instead of using a domain running a Windows Server operating system. This registry entry establishes the features of the realm and is as follows:

• You can see the available and set realm flags by viewing the output of ksetup or ksetup /dumpstate.

Examples

To list the available realm flags for the realm CONTOSO, type:

ksetup /listrealmflags

To set two flags to the CONTOSO realm, type:

ksetup /setrealmflags CONTOSO ncsupported delegate

To add one more flag that isn't currently in the set, type:

ksetup /addrealmflags CONTOSO SendAddress

To verify the realm flag is set, type ksetup and then view the output, looking for the text, Realm flags =. If you don't see the text, it means that the flag hasn't been set.

Related links

• Command-Line Syntax Key

• ksetup command

• ksetup listrealmflags command

• ksetup setrealmflags command

• ksetup delrealmflags command

• ksetup dumpstate command