list all SPNs used in your Active Directory

There are a lot of hints & tips out there for troubleshooting SPNs (service principal names).

Listing duplicate SPNs is fairly easy, use the “setspn -X” command and you’ll find out.

But how do you find out which SPNs are used for which users and computers are used for this?

Quite some scripts  you find on the net assume you’re looking for a specific SPN (HTTP/… ) or a specific user or a specific computer…

Like using setspn to find SPNs linked to a certain computer

setspn -L <ServerName>

Like using setspn to find SPNs linked to a certain user account

setspn -L <domain\user>

The old school system admins go for LDIFDE, like

Ldifde -d "DC=Contoso,DC=Com" -l ServicePrincipalName -F C:\SPN.txt


Ldifde -f spnaccount.txt -r serviceprincipalname=*/servername* -l serviceprincipalname,samaccountname

Just recently I got a case where we need to clean up some SPNs, but the configuration was not documented.
The SPNs were unknown, and the user accounts and server names … eh spread all over the place…

So I needed a general script to list all SPNs, for all users and all computers…

Nice fact to know, SPNs are set as an attribute on the user or computer accounts.
So that makes it fairly ease to query for that attribute.

And modern admins do PowerShell, right?

Here you go!

#Set Search
$search = New-Object DirectoryServices.DirectorySearcher([ADSI]“”)
$search.filter = “(servicePrincipalName=*)”
$results = $search.Findall()

#list results
foreach($result in $results)
$userEntry = $result.GetDirectoryEntry()
Write-host “Object Name = “ $ -backgroundcolor “yellow” -foregroundcolor “black”
Write-host “DN      =      “  $userEntry.distinguishedName
Write-host “Object Cat. = “  $userEntry.objectCategory
Write-host “servicePrincipalNames”        $i=1

foreach($SPN in $userEntry.servicePrincipalName)
  Write-host “SPN(“ $i “)   =      “ $SPN       $i+=1
Write-host “”


(run this powershell on a DC with admin rights)

One comment

  1. I know this is an old thread, but this script it just what I needed. I have searched for 3 days to find a way to identify the SPNs and just found regurgitation of setspn commands. Thank you so much!

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.