126.96.36.199 SPN for a Target DC in AD LDS
<DRS interface GUID>-ADAM/<DNS hostname>:<LDAP port>
<DRS interface GUID>-ADAM/<NetBIOS hostname>:<LDAP port>
In the preceding SPN descriptions:
"-ADAM/" is a literal string.
<DNS hostname> is the full DNS host name of the target DC.
<NetBIOS hostname> is the NetBIOS host name of the target DC.
The colon (':') is the literal separator between the host name and port number.
<LDAP port> is the LDAP port on which the target DC listens.
If an AD LDS DC runs on a machine joined to an Active Directory domain, and NTDSDSA_OPT_DISABLE_SPN_REGISTRATION is not present in the options attribute of its nTDSDSA object ([MS-ADTS] section 188.8.131.52.184.108.40.206.1), the AD LDS DC MUST store these two forms of SPN as values of the servicePrincipalName attribute of the object (in the external AD DS domain) that corresponds to the security principal that the AD LDS service is running as. This action allows mutual authentication to occur in DC-to-DC protocol operations. Additional forms that must be stored for client-to-DC protocol operations are described in section 220.127.116.11.