====== Kerberos KEYTAB File for AADS ======

A Service Account for IWA AADS with no special rights is needed.\\
The file has to be created on a Windows Domain Controller with Domain Admin Rights.\\
On cmd run:
  setspn -S HTTP/<FRONT-END FQDN> <Domain user login>
  ktpass -out LocationOfKTfile -mapuser user@DOMAIN.SUFFIX -princ HTTP/serverFQDN@DOMAIN>SUFFIX -ptype KRB5_NT_PRINCIPAL -pass +rndPass -crypto all -kvno 0

**Example:**\\
DNS Domain: examp.local\\
Kerberos REALM: EXAMP.LOCAL **|Always writen in CAPITAL Letters**\\
AADS Frontend FQDN: aads.example.com\\
Service Account: iwa_adds\\

  setspn -S HTTP/aads.example.com iwa_adds
  ktpass -out c:\temp\aads.keytab -mapuser iwa_adds@EXAMP.LOCAL -princ HTTP/aads.example.com@EXAMP.LOCAL -ptype KRB5_NT_PRINCIPAL -pass +rndPass -crypto all -kvno 0